argoCD monitoring manifests for IaC
parent
e4a184e348
commit
fe4b34bbe2
24544
manifests/argocd/install.yaml
Normal file
24544
manifests/argocd/install.yaml
Normal file
File diff suppressed because it is too large
23
manifests/grafana/.helmignore
Normal file
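--- a/manifests/grafana/.helmignore
+++ b/manifests/grafana/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.vscode
+.project
+.idea/
+*.tmproj
+OWNERS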
35
manifests/grafana/Chart.yaml
Normal file
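--- a/manifests/grafana/Chart.yaml
+++ b/manifests/grafana/Chart.yaml
@@ -0,0 +1,35 @@
+annotations:
+artifacthub.io/license: Apache-2.0
+artifacthub.io/links: |
+- name: Chart Source
+url: https://github.com/grafana/helm-charts
+- name: Upstream Project
+url: https://github.com/grafana/grafana
+apiVersion: v2
+appVersion: 11.3.0
+description: The leading tool for querying and visualizing time series and metrics.
+home: https://grafana.com
+icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116
+keywords:
+- monitoring
+- metric
+kubeVersion: ^1.8.0-0
+maintainers:
+- email: zanhsieh@gmail.com
+name: zanhsieh
+- email: rluckie@cisco.com
+name: rtluckie
+- email: maor.friedman@redhat.com
+name: maorfr
+- email: miroslav.hadzhiev@gmail.com
+name: Xtigyro
+- email: mail@torstenwalter.de
+name: torstenwalter
+- email: github@jkroepke.de
+name: jkroepke
+name: grafana
+sources:
+- https://github.com/grafana/grafana
+- https://github.com/grafana/helm-charts
+type: application
+version: 8.6.0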
783
manifests/grafana/README.md
Normal file
783
manifests/grafana/README.md
Normal file
@ -0,0 +1,783 @@
|
||||
# Grafana Helm Chart
|
||||
|
||||
* Installs the web dashboarding system [Grafana](http://grafana.org/)
|
||||
|
||||
## Get Repo Info
|
||||
|
||||
```console
|
||||
helm repo add grafana https://grafana.github.io/helm-charts
|
||||
helm repo update
|
||||
```
|
||||
|
||||
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm install my-release grafana/grafana
|
||||
```
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To uninstall/delete the my-release deployment:
|
||||
|
||||
```console
|
||||
helm delete my-release
|
||||
```
|
||||
|
||||
The command removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
## Upgrading an existing Release to a new major version
|
||||
|
||||
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
|
||||
incompatible breaking change needing manual actions.
|
||||
|
||||
### To 4.0.0 (And 3.12.1)
|
||||
|
||||
This version requires Helm >= 2.12.0.
|
||||
|
||||
### To 5.0.0
|
||||
|
||||
You have to add --force to your helm upgrade command as the labels of the chart have changed.
|
||||
|
||||
### To 6.0.0
|
||||
|
||||
This version requires Helm >= 3.1.0.
|
||||
|
||||
### To 7.0.0
|
||||
|
||||
For consistency with other Helm charts, the `global.image.registry` parameter was renamed
|
||||
to `global.imageRegistry`. If you were not previously setting `global.image.registry`, no action
|
||||
is required on upgrade. If you were previously setting `global.image.registry`, you will
|
||||
need to instead set `global.imageRegistry`.
|
||||
|
||||
## Configuration
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------|
|
||||
| `replicas` | Number of nodes | `1` |
|
||||
| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` |
|
||||
| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` |
|
||||
| `podDisruptionBudget.apiVersion` | Pod disruption apiVersion | `nil` |
|
||||
| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` |
|
||||
| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` |
|
||||
| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`|
|
||||
| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
|
||||
| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
|
||||
| `image.registry` | Image registry | `docker.io` |
|
||||
| `image.repository` | Image repository | `grafana/grafana` |
|
||||
| `image.tag` | Overrides the Grafana image tag whose default is the chart appVersion (`Must be >= 5.0.0`) | `` |
|
||||
| `image.sha` | Image sha (optional) | `` |
|
||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Image pull secrets (can be templated) | `[]` |
|
||||
| `service.enabled` | Enable grafana service | `true` |
|
||||
| `service.ipFamilies` | Kubernetes service IP families | `[]` |
|
||||
| `service.ipFamilyPolicy` | Kubernetes service IP family policy | `""` |
|
||||
| `service.type` | Kubernetes service type | `ClusterIP` |
|
||||
| `service.port` | Kubernetes port where service is exposed | `80` |
|
||||
| `service.portName` | Name of the port on the service | `service` |
|
||||
| `service.appProtocol` | Adds the appProtocol field to the service | `` |
|
||||
| `service.targetPort` | Internal service is port | `3000` |
|
||||
| `service.nodePort` | Kubernetes service nodePort | `nil` |
|
||||
| `service.annotations` | Service annotations (can be templated) | `{}` |
|
||||
| `service.labels` | Custom labels | `{}` |
|
||||
| `service.clusterIP` | internal cluster service IP | `nil` |
|
||||
| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` |
|
||||
| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` |
|
||||
| `service.externalIPs` | service external IP addresses | `[]` |
|
||||
| `service.externalTrafficPolicy` | change the default externalTrafficPolicy | `nil` |
|
||||
| `headlessService` | Create a headless service | `false` |
|
||||
| `extraExposePorts` | Additional service ports for sidecar containers| `[]` |
|
||||
| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` |
|
||||
| `ingress.enabled` | Enables Ingress | `false` |
|
||||
| `ingress.annotations` | Ingress annotations (values are templated) | `{}` |
|
||||
| `ingress.labels` | Custom labels | `{}` |
|
||||
| `ingress.path` | Ingress accepted path | `/` |
|
||||
| `ingress.pathType` | Ingress type of path | `Prefix` |
|
||||
| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
|
||||
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.6/guide/ingress/annotations/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
|
||||
| `ingress.tls` | Ingress TLS configuration | `[]` |
|
||||
| `ingress.ingressClassName` | Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 | `""` |
|
||||
| `resources` | CPU/Memory resource requests/limits | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Toleration labels for pod assignment | `[]` |
|
||||
| `affinity` | Affinity settings for pod assignment | `{}` |
|
||||
| `extraInitContainers` | Init containers to add to the grafana pod | `{}` |
|
||||
| `extraContainers` | Sidecar containers to add to the grafana pod | `""` |
|
||||
| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` |
|
||||
| `extraLabels` | Custom labels for all manifests | `{}` |
|
||||
| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
|
||||
| `persistence.enabled` | Use persistent volume to store data | `false` |
|
||||
| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` |
|
||||
| `persistence.size` | Size of persistent volume claim | `10Gi` |
|
||||
| `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` |
|
||||
| `persistence.storageClassName` | Type of persistent volume claim | `nil` |
|
||||
| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` |
|
||||
| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` |
|
||||
| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` |
|
||||
| `persistence.extraPvcLabels` | Extra labels to apply to a PVC. | `{}` |
|
||||
| `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` |
|
||||
| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` |
|
||||
| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` |
|
||||
| `persistence.disableWarning` | Hide NOTES warning, useful when persisting to a database | `false` |
|
||||
| `initChownData.enabled` | If false, don't reset data ownership at startup | true |
|
||||
| `initChownData.image.registry` | init-chown-data container image registry | `docker.io` |
|
||||
| `initChownData.image.repository` | init-chown-data container image repository | `busybox` |
|
||||
| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` |
|
||||
| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` |
|
||||
| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` |
|
||||
| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` |
|
||||
| `schedulerName` | Alternate scheduler name | `nil` |
|
||||
| `env` | Extra environment variables passed to pods | `{}` |
|
||||
| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
|
||||
| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
|
||||
| `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
|
||||
| `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
|
||||
| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret. (passed through [tpl](https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function)) | `{}` |
|
||||
| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` |
|
||||
| `extraSecretMounts` | Additional grafana server secret mounts | `[]` |
|
||||
| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` |
|
||||
| `extraVolumes` | Additional Grafana server volumes | `[]` |
|
||||
| `automountServiceAccountToken` | Mounted the service account token on the grafana pod. Mandatory, if sidecars are enabled | `true` |
|
||||
| `createConfigmap` | Enable creating the grafana configmap | `true` |
|
||||
| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` |
|
||||
| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` |
|
||||
| `plugins` | Plugins to be loaded along with Grafana | `[]` |
|
||||
| `datasources` | Configure grafana datasources (passed through tpl) | `{}` |
|
||||
| `alerting` | Configure grafana alerting (passed through tpl) | `{}` |
|
||||
| `notifiers` | Configure grafana notifiers | `{}` |
|
||||
| `dashboardProviders` | Configure grafana dashboard providers | `{}` |
|
||||
| `dashboards` | Dashboards to import | `{}` |
|
||||
| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` |
|
||||
| `grafana.ini` | Grafana's primary configuration | `{}` |
|
||||
| `global.imageRegistry` | Global image pull registry for all images. | `null` |
|
||||
| `global.imagePullSecrets` | Global image pull secrets (can be templated). Allows either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). | `[]` |
|
||||
| `ldap.enabled` | Enable LDAP authentication | `false` |
|
||||
| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` |
|
||||
| `ldap.config` | Grafana's LDAP configuration | `""` |
|
||||
| `annotations` | Deployment annotations | `{}` |
|
||||
| `labels` | Deployment labels | `{}` |
|
||||
| `podAnnotations` | Pod annotations | `{}` |
|
||||
| `podLabels` | Pod labels | `{}` |
|
||||
| `podPortName` | Name of the grafana port on the pod | `grafana` |
|
||||
| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` |
|
||||
| `sidecar.image.registry` | Sidecar image registry | `quay.io` |
|
||||
| `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` |
|
||||
| `sidecar.image.tag` | Sidecar image tag | `1.28.0` |
|
||||
| `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
|
||||
| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
|
||||
| `sidecar.resources` | Sidecar resources | `{}` |
|
||||
| `sidecar.securityContext` | Sidecar securityContext | `{}` |
|
||||
| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` |
|
||||
| `sidecar.alerts.enabled` | Enables the cluster wide search for alerts and adds/updates/deletes them in grafana |`false` |
|
||||
| `sidecar.alerts.label` | Label that config maps with alerts should have to be added | `grafana_alert` |
|
||||
| `sidecar.alerts.labelValue` | Label value that config maps with alerts should have to be added | `""` |
|
||||
| `sidecar.alerts.searchNamespace` | Namespaces list. If specified, the sidecar will search for alerts config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
|
||||
| `sidecar.alerts.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
|
||||
| `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` |
|
||||
| `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
|
||||
| `sidecar.alerts.initAlerts` | Set to true to deploy the alerts sidecar as an initContainer. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` |
|
||||
| `sidecar.alerts.extraMounts` | Additional alerts sidecar volume mounts. | `[]` |
|
||||
| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
|
||||
| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` |
|
||||
| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` |
|
||||
| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` |
|
||||
| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` |
|
||||
| `sidecar.dashboards.provider.folderUid` | Allows you to specify the static UID for the logical folder above | `""` |
|
||||
| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` |
|
||||
| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` |
|
||||
| `sidecar.dashboards.provider.type` | Provider type | `file` |
|
||||
| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` |
|
||||
| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
|
||||
| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` |
|
||||
| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` |
|
||||
| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `""` |
|
||||
| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` |
|
||||
| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
|
||||
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
|
||||
| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
|
||||
| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` |
|
||||
| `sidecar.dashboards.reloadURL` | Full url of dashboards configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/dashboards/reload"` |
|
||||
| `sidecar.dashboards.skipReload` | Enabling this omits defining the REQ_USERNAME, REQ_PASSWORD, REQ_URL and REQ_METHOD environment variables | `false` |
|
||||
| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` |
|
||||
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
|
||||
| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
|
||||
| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `""` |
|
||||
| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
|
||||
| `sidecar.datasources.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
|
||||
| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` |
|
||||
| `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
|
||||
| `sidecar.datasources.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any datasources defined at startup time. | `false` |
|
||||
| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` |
|
||||
| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` |
|
||||
| `sidecar.notifiers.labelValue` | Label value that config maps with notifiers should have to be added | `""` |
|
||||
| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
|
||||
| `sidecar.notifiers.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
|
||||
| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||
| `sidecar.notifiers.reloadURL` | Full url of notifier configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/notifications/reload"` |
|
||||
| `sidecar.notifiers.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
|
||||
| `sidecar.notifiers.initNotifiers` | Set to true to deploy the notifier sidecar as an initContainer in addition to a container. This is needed if skipReload is true, to load any notifiers defined at startup time. | `false` |
|
||||
| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
|
||||
| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
|
||||
| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
|
||||
| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` |
|
||||
| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` |
|
||||
| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` |
|
||||
| `serviceAccount.automountServiceAccountToken` | Automount the service account token on all pods where is service account is used | `false` |
|
||||
| `serviceAccount.annotations` | ServiceAccount annotations | |
|
||||
| `serviceAccount.create` | Create service account | `true` |
|
||||
| `serviceAccount.labels` | ServiceAccount labels | `{}` |
|
||||
| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
|
||||
| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` |
|
||||
| `rbac.create` | Create and use RBAC resources | `true` |
|
||||
| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
|
||||
| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
|
||||
| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `false` |
|
||||
| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `false` |
|
||||
| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
|
||||
| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
|
||||
| `command` | Define command to be executed by grafana container at startup | `nil` |
|
||||
| `args` | Define additional args if command is used | `nil` |
|
||||
| `testFramework.enabled` | Whether to create test-related resources | `true` |
|
||||
| `testFramework.image.registry` | `test-framework` image registry. | `docker.io` |
|
||||
| `testFramework.image.repository` | `test-framework` image repository. | `bats/bats` |
|
||||
| `testFramework.image.tag` | `test-framework` image tag. | `v1.4.1` |
|
||||
| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` |
|
||||
| `testFramework.securityContext` | `test-framework` securityContext | `{}` |
|
||||
| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` |
|
||||
| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
|
||||
| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` |
|
||||
| `downloadDashboardsImage.registry` | Curl docker image registry | `docker.io` |
|
||||
| `downloadDashboardsImage.repository` | Curl docker image repository | `curlimages/curl` |
|
||||
| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` |
|
||||
| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` |
|
||||
| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` |
|
||||
| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) |
|
||||
| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
|
||||
| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | |
|
||||
| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` |
|
||||
| `serviceMonitor.path` | Path to scrape | `/metrics` |
|
||||
| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` |
|
||||
| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` |
|
||||
| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
|
||||
| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
|
||||
| `serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
|
||||
| `serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` |
|
||||
| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` |
|
||||
| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` |
|
||||
| `imageRenderer.image.registry` | image-renderer Image registry | `docker.io` |
|
||||
| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` |
|
||||
| `imageRenderer.image.tag` | image-renderer Image tag | `latest` |
|
||||
| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
|
||||
| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
|
||||
| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
|
||||
| `imageRenderer.envValueFrom` | Environment variables for image-renderer from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
|
||||
| `imageRenderer.extraConfigmapMounts` | Additional image-renderer configMap volume mounts (values are templated) | `[]` |
|
||||
| `imageRenderer.extraSecretMounts` | Additional image-renderer secret volume mounts | `[]` |
|
||||
| `imageRenderer.extraVolumeMounts` | Additional image-renderer volume mounts | `[]` |
|
||||
| `imageRenderer.extraVolumes` | Additional image-renderer volumes | `[]` |
|
||||
| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
|
||||
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
|
||||
| `imageRenderer.podAnnotations` | image-renderer image-renderer pod annotation | `{}` |
|
||||
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
|
||||
| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
|
||||
| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` |
|
||||
| `imageRenderer.service.portName` | image-renderer service port name | `http` |
|
||||
| `imageRenderer.service.port` | image-renderer port used by deployment | `8081` |
|
||||
| `imageRenderer.service.targetPort` | image-renderer service port used by service | `8081` |
|
||||
| `imageRenderer.appProtocol` | Adds the appProtocol field to the service | `` |
|
||||
| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` |
|
||||
| `imageRenderer.serverURL` | Remote image renderer url | `''` |
|
||||
| `imageRenderer.renderingCallbackURL` | Callback url for the Grafana image renderer | `''` |
|
||||
| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` |
|
||||
| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` |
|
||||
| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` |
|
||||
| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` |
|
||||
| `imageRenderer.resources` | Set resource limits for image-renderer pods | `{}` |
|
||||
| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` |
|
||||
| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` |
|
||||
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` |
|
||||
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
|
||||
| `networkPolicy.ingress` | Enable the creation of an ingress network policy | `true` |
|
||||
| `networkPolicy.egress.enabled` | Enable the creation of an egress network policy | `false` |
|
||||
| `networkPolicy.egress.ports` | An array of ports to allow for the egress | `[]` |
|
||||
| `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` |
|
||||
|
||||
### Example ingress with path
|
||||
|
||||
With grafana 6.3 and above
|
||||
|
||||
```yaml
|
||||
grafana.ini:
|
||||
server:
|
||||
domain: monitoring.example.com
|
||||
root_url: "%(protocol)s://%(domain)s/grafana"
|
||||
serve_from_sub_path: true
|
||||
ingress:
|
||||
enabled: true
|
||||
hosts:
|
||||
- "monitoring.example.com"
|
||||
path: "/grafana"
|
||||
```
|
||||
|
||||
### Example of extraVolumeMounts and extraVolumes
|
||||
|
||||
Configure additional volumes with `extraVolumes` and volume mounts with `extraVolumeMounts`.
|
||||
|
||||
Example for `extraVolumeMounts` and corresponding `extraVolumes`:
|
||||
|
||||
```yaml
|
||||
extraVolumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /var/lib/grafana/plugins
|
||||
subPath: configs/grafana/plugins
|
||||
readOnly: false
|
||||
- name: dashboards
|
||||
mountPath: /var/lib/grafana/dashboards
|
||||
hostPath: /usr/shared/grafana/dashboards
|
||||
readOnly: false
|
||||
|
||||
extraVolumes:
|
||||
- name: plugins
|
||||
existingClaim: existing-grafana-claim
|
||||
- name: dashboards
|
||||
hostPath: /usr/shared/grafana/dashboards
|
||||
```
|
||||
|
||||
Volumes default to `emptyDir`. Set to `persistentVolumeClaim`,
|
||||
`hostPath`, `csi`, or `configMap` for other types. For a
|
||||
`persistentVolumeClaim`, specify an existing claim name with
|
||||
`existingClaim`.
|
||||
|
||||
## Import dashboards
|
||||
|
||||
There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method:
|
||||
|
||||
```yaml
|
||||
dashboards:
|
||||
default:
|
||||
some-dashboard:
|
||||
json: |
|
||||
{
|
||||
"annotations":
|
||||
|
||||
...
|
||||
# Complete json file here
|
||||
...
|
||||
|
||||
"title": "Some Dashboard",
|
||||
"uid": "abcd1234",
|
||||
"version": 1
|
||||
}
|
||||
custom-dashboard:
|
||||
# This is a path to a file inside the dashboards directory inside the chart directory
|
||||
file: dashboards/custom-dashboard.json
|
||||
prometheus-stats:
|
||||
# Ref: https://grafana.com/dashboards/2
|
||||
gnetId: 2
|
||||
revision: 2
|
||||
datasource: Prometheus
|
||||
loki-dashboard-quick-search:
|
||||
gnetId: 12019
|
||||
revision: 2
|
||||
datasource:
|
||||
- name: DS_PROMETHEUS
|
||||
value: Prometheus
|
||||
- name: DS_LOKI
|
||||
value: Loki
|
||||
local-dashboard:
|
||||
url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json
|
||||
```
|
||||
|
||||
## BASE64 dashboards
|
||||
|
||||
Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit)
|
||||
A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk.
|
||||
If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.
|
||||
|
||||
### Gerrit use case
|
||||
|
||||
Gerrit API for download files has the following schema: <https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content> where {project-name} and
|
||||
{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard
|
||||
the url value is <https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content>
|
||||
|
||||
## Sidecar for dashboards
|
||||
|
||||
If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana
|
||||
pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with
|
||||
a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written
|
||||
to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported
|
||||
dashboards are deleted/updated.
|
||||
|
||||
A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside
|
||||
one configmap is currently not properly mirrored in grafana.
|
||||
|
||||
Example dashboard config:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: sample-grafana-dashboard
|
||||
labels:
|
||||
grafana_dashboard: "1"
|
||||
data:
|
||||
k8s-dashboard.json: |-
|
||||
[...]
|
||||
```
|
||||
|
||||
## Sidecar for datasources
|
||||
|
||||
If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana
|
||||
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
|
||||
filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
|
||||
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
|
||||
the data sources in grafana can be imported.
|
||||
|
||||
Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://<svc-name>.<namespace>.svc.cluster.local/api/admin/provisioning/datasources/reload`.
|
||||
|
||||
Secrets are recommended over configmaps for this usecase because datasources usually contain private
|
||||
data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
|
||||
|
||||
Example values to add a postgres datasource as a kubernetes secret:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: grafana-datasources
|
||||
labels:
|
||||
grafana_datasource: 'true' # default value for: sidecar.datasources.label
|
||||
stringData:
|
||||
pg-db.yaml: |-
|
||||
apiVersion: 1
|
||||
datasources:
|
||||
- name: My pg db datasource
|
||||
type: postgres
|
||||
url: my-postgresql-db:5432
|
||||
user: db-readonly-user
|
||||
secureJsonData:
|
||||
password: 'SUperSEcretPa$$word'
|
||||
jsonData:
|
||||
database: my_datase
|
||||
sslmode: 'disable' # disable/require/verify-ca/verify-full
|
||||
maxOpenConns: 0 # Grafana v5.4+
|
||||
maxIdleConns: 2 # Grafana v5.4+
|
||||
connMaxLifetime: 14400 # Grafana v5.4+
|
||||
postgresVersion: 1000 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10
|
||||
timescaledb: false
|
||||
# <bool> allow users to edit datasources from the UI.
|
||||
editable: false
|
||||
```
|
||||
|
||||
Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
|
||||
|
||||
```yaml
|
||||
datasources:
|
||||
datasources.yaml:
|
||||
apiVersion: 1
|
||||
datasources:
|
||||
# <string, required> name of the datasource. Required
|
||||
- name: Graphite
|
||||
# <string, required> datasource type. Required
|
||||
type: graphite
|
||||
# <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
|
||||
access: proxy
|
||||
# <int> org id. will default to orgId 1 if not specified
|
||||
orgId: 1
|
||||
# <string> url
|
||||
url: http://localhost:8080
|
||||
# <string> database password, if used
|
||||
password:
|
||||
# <string> database user, if used
|
||||
user:
|
||||
# <string> database name, if used
|
||||
database:
|
||||
# <bool> enable/disable basic auth
|
||||
basicAuth:
|
||||
# <string> basic auth username
|
||||
basicAuthUser:
|
||||
# <string> basic auth password
|
||||
basicAuthPassword:
|
||||
# <bool> enable/disable with credentials headers
|
||||
withCredentials:
|
||||
# <bool> mark as default datasource. Max one per org
|
||||
isDefault:
|
||||
# <map> fields that will be converted to json and stored in json_data
|
||||
jsonData:
|
||||
graphiteVersion: "1.1"
|
||||
tlsAuth: true
|
||||
tlsAuthWithCACert: true
|
||||
# <string> json object of data that will be encrypted.
|
||||
secureJsonData:
|
||||
tlsCACert: "..."
|
||||
tlsClientCert: "..."
|
||||
tlsClientKey: "..."
|
||||
version: 1
|
||||
# <bool> allow users to edit datasources from the UI.
|
||||
editable: false
|
||||
```
|
||||
|
||||
## Sidecar for notifiers
|
||||
|
||||
If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana
|
||||
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
|
||||
filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in
|
||||
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
|
||||
the notification channels in grafana can be imported. The secrets must be created before
|
||||
`helm install` so that the notifiers init container can list the secrets.
|
||||
|
||||
Secrets are recommended over configmaps for this usecase because alert notification channels usually contain
|
||||
private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
|
||||
|
||||
Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels):
|
||||
|
||||
```yaml
|
||||
notifiers:
|
||||
- name: notification-channel-1
|
||||
type: slack
|
||||
uid: notifier1
|
||||
# either
|
||||
org_id: 2
|
||||
# or
|
||||
org_name: Main Org.
|
||||
is_default: true
|
||||
send_reminder: true
|
||||
frequency: 1h
|
||||
disable_resolve_message: false
|
||||
# See `Supported Settings` section for settings supporter for each
|
||||
# alert notification type.
|
||||
settings:
|
||||
recipient: 'XXX'
|
||||
token: 'xoxb'
|
||||
uploadImage: true
|
||||
url: https://slack.com
|
||||
|
||||
delete_notifiers:
|
||||
- name: notification-channel-1
|
||||
uid: notifier1
|
||||
org_id: 2
|
||||
- name: notification-channel-2
|
||||
# default org_id: 1
|
||||
```
|
||||
|
||||
## Sidecar for alerting resources
|
||||
|
||||
If the parameter `sidecar.alerts.enabled` is set, a sidecar container is deployed in the grafana
|
||||
pod. This container watches all configmaps (or secrets) in the cluster (namespace defined by `sidecar.alerts.searchNamespace`) and filters out the ones with
|
||||
a label as defined in `sidecar.alerts.label` (default is `grafana_alert`). The files defined in those configmaps are written
|
||||
to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported alerting resources are updated, however, deletions are a little more complicated (see below).
|
||||
|
||||
This sidecar can be used to provision alert rules, contact points, notification policies, notification templates and mute timings as shown in [Grafana Documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/).
|
||||
|
||||
To fetch the alert config which will be provisioned, use the alert provisioning API ([Grafana Documentation](https://grafana.com/docs/grafana/next/developers/http_api/alerting_provisioning/)).
|
||||
You can use either JSON or YAML format.
|
||||
|
||||
Example config for an alert rule:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: sample-grafana-alert
|
||||
labels:
|
||||
grafana_alert: "1"
|
||||
data:
|
||||
k8s-alert.yml: |-
|
||||
apiVersion: 1
|
||||
groups:
|
||||
- orgId: 1
|
||||
name: k8s-alert
|
||||
[...]
|
||||
```
|
||||
|
||||
To delete provisioned alert rules is a two step process, you need to delete the configmap which defined the alert rule
|
||||
and then create a configuration which deletes the alert rule.
|
||||
|
||||
Example deletion configuration:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: delete-sample-grafana-alert
|
||||
namespace: monitoring
|
||||
labels:
|
||||
grafana_alert: "1"
|
||||
data:
|
||||
delete-k8s-alert.yml: |-
|
||||
apiVersion: 1
|
||||
deleteRules:
|
||||
- orgId: 1
|
||||
uid: 16624780-6564-45dc-825c-8bded4ad92d3
|
||||
```
|
||||
|
||||
## Statically provision alerting resources
|
||||
|
||||
If you don't need to change alerting resources (alert rules, contact points, notification policies and notification templates) regularly you could use the `alerting` config option instead of the sidecar option above.
|
||||
This will grab the alerting config and apply it statically at build time for the helm file.
|
||||
|
||||
There are two methods to statically provision alerting configuration in Grafana. Below are some examples and explanations as to how to use each method:
|
||||
|
||||
```yaml
|
||||
alerting:
|
||||
team1-alert-rules.yaml:
|
||||
file: alerting/team1/rules.yaml
|
||||
team2-alert-rules.yaml:
|
||||
file: alerting/team2/rules.yaml
|
||||
team3-alert-rules.yaml:
|
||||
file: alerting/team3/rules.yaml
|
||||
notification-policies.yaml:
|
||||
file: alerting/shared/notification-policies.yaml
|
||||
notification-templates.yaml:
|
||||
file: alerting/shared/notification-templates.yaml
|
||||
contactpoints.yaml:
|
||||
apiVersion: 1
|
||||
contactPoints:
|
||||
- orgId: 1
|
||||
name: Slack channel
|
||||
receivers:
|
||||
- uid: default-receiver
|
||||
type: slack
|
||||
settings:
|
||||
# Webhook URL to be filled in
|
||||
url: ""
|
||||
# We need to escape double curly braces for the tpl function.
|
||||
text: '{{ `{{ template "default.message" . }}` }}'
|
||||
title: '{{ `{{ template "default.title" . }}` }}'
|
||||
```
|
||||
|
||||
The two possibilities for static alerting resource provisioning are:
|
||||
|
||||
* Inlining the file contents as shown for contact points in the above example.
|
||||
* Importing a file using a relative path starting from the chart root directory as shown for the alert rules in the above example.
|
||||
|
||||
### Important notes on file provisioning
|
||||
|
||||
* The format of the files is defined in the [Grafana documentation](https://grafana.com/docs/grafana/next/alerting/set-up/provision-alerting-resources/file-provisioning/) on file provisioning.
|
||||
* The chart supports importing YAML and JSON files.
|
||||
* The filename must be unique, otherwise one volume mount will overwrite the other.
|
||||
* In case of inlining, double curly braces that arise from the Grafana configuration format and are not intended as templates for the chart must be escaped.
|
||||
* The number of total files under `alerting:` is not limited. Each file will end up as a volume mount in the corresponding provisioning folder of the deployed Grafana instance.
|
||||
* The file size for each import is limited by what the function `.Files.Get` can handle, which suffices for most cases.
|
||||
|
||||
## How to serve Grafana with a path prefix (/grafana)
|
||||
|
||||
In order to serve Grafana with a prefix (e.g., <http://example.com/grafana>), add the following to your values.yaml.
|
||||
|
||||
```yaml
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /$1
|
||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||
|
||||
path: /grafana/?(.*)
|
||||
hosts:
|
||||
- k8s.example.dev
|
||||
|
||||
grafana.ini:
|
||||
server:
|
||||
root_url: http://localhost:3000/grafana # this host can be localhost
|
||||
```
|
||||
|
||||
## How to securely reference secrets in grafana.ini
|
||||
|
||||
This example uses Grafana [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets.
|
||||
|
||||
In grafana.ini:
|
||||
|
||||
```yaml
|
||||
grafana.ini:
|
||||
[auth.generic_oauth]
|
||||
enabled = true
|
||||
client_id = $__file{/etc/secrets/auth_generic_oauth/client_id}
|
||||
client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret}
|
||||
```
|
||||
|
||||
Existing secret, or created along with helm:
|
||||
|
||||
```yaml
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: auth-generic-oauth-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
client_id: <value>
|
||||
client_secret: <value>
|
||||
```
|
||||
|
||||
Include in the `extraSecretMounts` configuration flag:
|
||||
|
||||
```yaml
|
||||
extraSecretMounts:
|
||||
- name: auth-generic-oauth-secret-mount
|
||||
secretName: auth-generic-oauth-secret
|
||||
defaultMode: 0440
|
||||
mountPath: /etc/secrets/auth_generic_oauth
|
||||
readOnly: true
|
||||
```
|
||||
|
||||
### extraSecretMounts using a Container Storage Interface (CSI) provider
|
||||
|
||||
This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure)
|
||||
|
||||
```yaml
|
||||
extraSecretMounts:
|
||||
- name: secrets-store-inline
|
||||
mountPath: /run/secrets
|
||||
readOnly: true
|
||||
csi:
|
||||
driver: secrets-store.csi.k8s.io
|
||||
readOnly: true
|
||||
volumeAttributes:
|
||||
secretProviderClass: "my-provider"
|
||||
nodePublishSecretRef:
|
||||
name: akv-creds
|
||||
```
|
||||
|
||||
## Image Renderer Plug-In
|
||||
|
||||
This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker)
|
||||
|
||||
```yaml
|
||||
imageRenderer:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
### Image Renderer NetworkPolicy
|
||||
|
||||
By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance
|
||||
|
||||
### High Availability for unified alerting
|
||||
|
||||
If you want to run Grafana in a high availability cluster you need to enable
|
||||
the headless service by setting `headlessService: true` in your `values.yaml`
|
||||
file.
|
||||
|
||||
As next step you have to setup the `grafana.ini` in your `values.yaml` in a way
|
||||
that it will make use of the headless service to obtain all the IPs of the
|
||||
cluster. You should replace ``{{ Name }}`` with the name of your helm deployment.
|
||||
|
||||
```yaml
|
||||
grafana.ini:
|
||||
...
|
||||
unified_alerting:
|
||||
enabled: true
|
||||
ha_peers: {{ Name }}-headless:9094
|
||||
ha_listen_address: ${POD_IP}:9094
|
||||
ha_advertise_address: ${POD_IP}:9094
|
||||
|
||||
alerting:
|
||||
enabled: false
|
||||
```
|
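--- a/manifests/grafana/ci/default-values.yaml
+++ b/manifests/grafana/ci/default-values.yaml
@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.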
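--- a/manifests/grafana/ci/with-affinity-values.yaml
+++ b/manifests/grafana/ci/with-affinity-values.yaml
@@ -0,0 +1,16 @@
+affinity:
+podAntiAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- podAffinityTerm:
+labelSelector:
+matchLabels:
+app.kubernetes.io/instance: grafana-test
+app.kubernetes.io/name: grafana
+topologyKey: failure-domain.beta.kubernetes.io/zone
+weight: 100
+requiredDuringSchedulingIgnoredDuringExecution:
+- labelSelector:
+matchLabels:
+app.kubernetes.io/instance: grafana-test
+app.kubernetes.io/name: grafana
+topologyKey: kubernetes.io/hostname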
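Review bot: The preferred anti-affinity term uses `topologyKey: failure-domain.beta.kubernetes.io/zone`, which is the deprecated beta zone label. On clusters whose nodes carry only `topology.kubernetes.io/zone`, that term matches no topology domain and zone spreading silently does nothing. I would change the line to `topologyKey: topology.kubernetes.io/zone`. This file looks like a CI fixture copied from the upstream chart, so the fix may belong upstream rather than in this copy.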
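--- a/manifests/grafana/ci/with-dashboard-json-values.yaml
+++ b/manifests/grafana/ci/with-dashboard-json-values.yaml
@@ -0,0 +1,53 @@
+dashboards:
+my-provider:
+my-awesome-dashboard:
+# An empty but valid dashboard
+json: |
+{
+"__inputs": [],
+"__requires": [
+{
+"type": "grafana",
+"id": "grafana",
+"name": "Grafana",
+"version": "6.3.5"
+}
+],
+"annotations": {
+"list": [
+{
+"builtIn": 1,
+"datasource": "-- Grafana --",
+"enable": true,
+"hide": true,
+"iconColor": "rgba(0, 211, 255, 1)",
+"name": "Annotations & Alerts",
+"type": "dashboard"
+}
+]
+},
+"editable": true,
+"gnetId": null,
+"graphTooltip": 0,
+"id": null,
+"links": [],
+"panels": [],
+"schemaVersion": 19,
+"style": "dark",
+"tags": [],
+"templating": {
+"list": []
+},
+"time": {
+"from": "now-6h",
+"to": "now"
+},
+"timepicker": {
+"refresh_intervals": ["5s"]
+},
+"timezone": "",
+"title": "Dummy Dashboard",
+"uid": "IdcYQooWk",
+"version": 1
+}
+datasource: Prometheus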
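--- a/manifests/grafana/ci/with-dashboard-values.yaml
+++ b/manifests/grafana/ci/with-dashboard-values.yaml
@@ -0,0 +1,19 @@
+dashboards:
+my-provider:
+my-awesome-dashboard:
+gnetId: 10000
+revision: 1
+datasource: Prometheus
+dashboardProviders:
+dashboardproviders.yaml:
+apiVersion: 1
+providers:
+- name: 'my-provider'
+orgId: 1
+folder: ''
+type: file
+updateIntervalSeconds: 10
+disableDeletion: true
+editable: true
+options:
+path: /var/lib/grafana/dashboards/my-provider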
@ -0,0 +1,7 @@
|
||||
extraConfigmapMounts:
|
||||
- name: '{{ include "grafana.fullname" . }}'
|
||||
configMap: '{{ include "grafana.fullname" . }}'
|
||||
mountPath: /var/lib/grafana/dashboards/test-dashboard.json
|
||||
# This is not a realistic test, but for this we only care about extraConfigmapMounts not being empty and pointing to an existing ConfigMap
|
||||
subPath: grafana.ini
|
||||
readOnly: true
|
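--- a/manifests/grafana/ci/with-image-renderer-values.yaml
+++ b/manifests/grafana/ci/with-image-renderer-values.yaml
@@ -0,0 +1,107 @@
+podLabels:
+customLableA: Aaaaa
+imageRenderer:
+enabled: true
+env:
+RENDERING_ARGS: --disable-gpu,--window-size=1280x758
+RENDERING_MODE: clustered
+podLabels:
+customLableB: Bbbbb
+networkPolicy:
+limitIngress: true
+limitEgress: true
+resources:
+limits:
+cpu: 1000m
+memory: 1000Mi
+requests:
+cpu: 500m
+memory: 50Mi
+extraVolumes:
+- name: empty-renderer-volume
+emtpyDir: {}
+extraVolumeMounts:
+- mountPath: /tmp/renderer
+name: empty-renderer-volume
+extraConfigmapMounts:
+- name: renderer-config
+mountPath: /usr/src/app/config.json
+subPath: renderer-config.json
+configMap: image-renderer-config
+extraSecretMounts:
+- name: renderer-certificate
+mountPath: /usr/src/app/certs/
+secretName: image-renderer-certificate
+readOnly: true
+
+extraObjects:
+- apiVersion: v1
+kind: ConfigMap
+metadata:
+name: image-renderer-config
+data:
+renderer-config.json: |
+{
+"service": {
+"host": null,
+"port": 8081,
+"protocol": "http",
+"certFile": "",
+"certKey": "",
+
+"metrics": {
+"enabled": true,
+"collectDefaultMetrics": true,
+"requestDurationBuckets": [1, 5, 7, 9, 11, 13, 15, 20, 30]
+},
+
+"logging": {
+"level": "info",
+"console": {
+"json": true,
+"colorize": false
+}
+},
+
+"security": {
+"authToken": "-"
+}
+},
+"rendering": {
+"chromeBin": null,
+"args": ["--no-sandbox", "--disable-gpu"],
+"ignoresHttpsErrors": false,
+
+"timezone": null,
+"acceptLanguage": null,
+"width": 1000,
+"height": 500,
+"deviceScaleFactor": 1,
+"maxWidth": 3080,
+"maxHeight": 3000,
+"maxDeviceScaleFactor": 4,
+"pageZoomLevel": 1,
+"headed": false,
+
+"mode": "default",
+"emulateNetworkConditions": false,
+"clustering": {
+"monitor": false,
+"mode": "browser",
+"maxConcurrency": 5,
+"timeout": 30
+},
+
+"verboseLogging": false,
+"dumpio": false,
+"timingMetrics": false
+}
+}
+- apiVersion: v1
+kind: Secret
+metadata:
+name: image-renderer-certificate
+type: Opaque
+data:
+# Decodes to 'PLACEHOLDER CERTIFICATE'
+not-a-real-certificate: UExBQ0VIT0xERVIgQ0VSVElGSUNBVEU=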
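Review bot: The inlined `renderer-config.json` sets `"authToken": "-"` and passes `"--no-sandbox"` in `args`, so the renderer accepts a token that is public in this repository and runs Chromium without its sandbox. That is tolerable for a CI fixture that also sets `limitIngress: true`, but these values should not be reused for a deployed release. I would add above `renderer-config.json: |` the comment `# CI fixture only: authToken "-" is a placeholder, set a random token from a Secret before deploying`. Separately, `emtpyDir: {}` in the `extraVolumes` entry looks like a misspelling of `emptyDir: {}`.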
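--- a/manifests/grafana/ci/with-nondefault-values.yaml
+++ b/manifests/grafana/ci/with-nondefault-values.yaml
@@ -0,0 +1,32 @@
+global:
+environment: prod
+ingress:
+enabled: true
+hosts:
+- monitoring-{{ .Values.global.environment }}.example.com
+
+route:
+main:
+enabled: true
+labels:
+app: monitoring-prometheus
+hostnames:
+- "*.example.com"
+- "{{ .Values.global.environment }}.example.com"
+filters:
+- type: RequestHeaderModifier
+requestHeaderModifier:
+set:
+- name: my-header-name
+value: my-new-header-value
+additionalRules:
+- filters:
+- type: RequestHeaderModifier
+requestHeaderModifier:
+set:
+- name: my-header-name
+value: my-new-header-value
+matches:
+- path:
+type: PathPrefix
+value: /foo/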
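--- a/manifests/grafana/ci/with-persistence.yaml
+++ b/manifests/grafana/ci/with-persistence.yaml
@@ -0,0 +1,3 @@
+persistence:
+type: pvc
+enabled: true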
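--- a/manifests/grafana/ci/with-sidecars-envvaluefrom-values.yaml
+++ b/manifests/grafana/ci/with-sidecars-envvaluefrom-values.yaml
@@ -0,0 +1,38 @@
+extraObjects:
+- apiVersion: v1
+kind: ConfigMap
+metadata:
+name: '{{ include "grafana.fullname" . }}-test'
+data:
+var1: "value1"
+- apiVersion: v1
+kind: Secret
+metadata:
+name: '{{ include "grafana.fullname" . }}-test'
+type: Opaque
+data:
+var2: "dmFsdWUy"
+
+sidecar:
+dashboards:
+enabled: true
+envValueFrom:
+VAR1:
+configMapKeyRef:
+name: '{{ include "grafana.fullname" . }}-test'
+key: var1
+VAR2:
+secretKeyRef:
+name: '{{ include "grafana.fullname" . }}-test'
+key: var2
+datasources:
+enabled: true
+envValueFrom:
+VAR1:
+configMapKeyRef:
+name: '{{ include "grafana.fullname" . }}-test'
+key: var1
+VAR2:
+secretKeyRef:
+name: '{{ include "grafana.fullname" . }}-test'
+key: var2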
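--- a/manifests/grafana/dashboards/custom-dashboard.json
+++ b/manifests/grafana/dashboards/custom-dashboard.json
@@ -0,0 +1 @@
+{}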
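--- a/manifests/grafana/templates/NOTES.txt
+++ b/manifests/grafana/templates/NOTES.txt
@@ -0,0 +1,55 @@
+1. Get your '{{ .Values.adminUser }}' user password by running:
+
+kubectl get secret --namespace {{ include "grafana.namespace" . }} {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} -o jsonpath="{.data.{{ .Values.admin.passwordKey | default "admin-password" }}}" | base64 --decode ; echo
+
+
+2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
+
+{{ include "grafana.fullname" . }}.{{ include "grafana.namespace" . }}.svc.cluster.local
+{{ if .Values.ingress.enabled }}
+If you bind grafana to 80, please update values in values.yaml and reinstall:
+```
+securityContext:
+runAsUser: 0
+runAsGroup: 0
+fsGroup: 0
+
+command:
+- "setcap"
+- "'cap_net_bind_service=+ep'"
+- "/usr/sbin/grafana-server &&"
+- "sh"
+- "/run.sh"
+```
+Details refer to https://grafana.com/docs/installation/configuration/#http-port.
+Or grafana would always crash.
+
+From outside the cluster, the server URL(s) are:
+{{- range .Values.ingress.hosts }}
+http://{{ . }}
+{{- end }}
+{{- else }}
+Get the Grafana URL to visit by running these commands in the same shell:
+{{- if contains "NodePort" .Values.service.type }}
+export NODE_PORT=$(kubectl get --namespace {{ include "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "grafana.fullname" . }})
+export NODE_IP=$(kubectl get nodes --namespace {{ include "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+You can watch the status of by running 'kubectl get svc --namespace {{ include "grafana.namespace" . }} -w {{ include "grafana.fullname" . }}'
+export SERVICE_IP=$(kubectl get svc --namespace {{ include "grafana.namespace" . }} {{ include "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+http://$SERVICE_IP:{{ .Values.service.port -}}
+{{- else if contains "ClusterIP" .Values.service.type }}
+export POD_NAME=$(kubectl get pods --namespace {{ include "grafana.namespace" . }} -l "app.kubernetes.io/name={{ include "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+kubectl --namespace {{ include "grafana.namespace" . }} port-forward $POD_NAME 3000
+{{- end }}
+{{- end }}
+
+3. Login with the password from step 1 and the username: {{ .Values.adminUser }}
+
+{{- if and (not .Values.persistence.enabled) (not .Values.persistence.disableWarning) }}
+#################################################################################
+###### WARNING: Persistence is disabled!!! You will lose your data when #####
+###### the Grafana pod is terminated. #####
+#################################################################################
+{{- end }}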
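Review bot: The ingress branch tells operators to set `runAsUser: 0`, `runAsGroup: 0` and `fsGroup: 0` so Grafana can bind port 80, which gives up the non-root container just to get a low port. The Service or Ingress can expose port 80 and forward to the container's unprivileged port, so I would replace the snippet with a sentence saying that and keep the pod non-root. The printed `command` list would also not behave as intended, since `"/usr/sbin/grafana-server &&"` is passed as a literal argument and no shell interprets the `&&`. In the same branch the external URLs are always printed as `http://{{ . }}`; if the ingress terminates TLS (not visible in this file) the scheme should follow it.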
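--- /dev/null
+++ b/manifests/grafana/templates/_config.tpl
@@ -0,0 +1,176 @@
+{{/*
+Generate config map data
+*/}}
+{{- define "grafana.configData" -}}
+{{ include "grafana.assertNoLeakedSecrets" . }}
+{{- $files := .Files }}
+{{- $root := . -}}
+{{- with .Values.plugins }}
+plugins: {{ join "," . }}
+{{- end }}
+grafana.ini: |
+{{- range $elem, $elemVal := index .Values "grafana.ini" }}
+{{- if not (kindIs "map" $elemVal) }}
+{{- if kindIs "invalid" $elemVal }}
+{{ $elem }} =
+{{- else if kindIs "slice" $elemVal }}
+{{ $elem }} = {{ toJson $elemVal }}
+{{- else if kindIs "string" $elemVal }}
+{{ $elem }} = {{ tpl $elemVal $ }}
+{{- else }}
+{{ $elem }} = {{ $elemVal }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- range $key, $value := index .Values "grafana.ini" }}
+{{- if kindIs "map" $value }}
+[{{ $key }}]
+{{- range $elem, $elemVal := $value }}
+{{- if kindIs "invalid" $elemVal }}
+{{ $elem }} =
+{{- else if kindIs "slice" $elemVal }}
+{{ $elem }} = {{ toJson $elemVal }}
+{{- else if kindIs "string" $elemVal }}
+{{ $elem }} = {{ tpl $elemVal $ }}
+{{- else }}
+{{ $elem }} = {{ $elemVal }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- range $key, $value := .Values.datasources }}
+{{- if not (hasKey $value "secret") }}
+{{ $key }}: |
+{{- tpl (toYaml $value | nindent 2) $root }}
+{{- end }}
+{{- end }}
+
+{{- range $key, $value := .Values.notifiers }}
+{{- if not (hasKey $value "secret") }}
+{{ $key }}: |
+{{- toYaml $value | nindent 2 }}
+{{- end }}
+{{- end }}
+
+{{- range $key, $value := .Values.alerting }}
+{{- if (hasKey $value "file") }}
+{{ $key }}:
+{{- toYaml ( $files.Get $value.file ) | nindent 2 }}
+{{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}}
+{{/* will be stored inside secret generated by "configSecret.yaml"*/}}
+{{- else }}
+{{ $key }}: |
+{{- tpl (toYaml $value | nindent 2) $root }}
+{{- end }}
+{{- end }}
+
+{{- range $key, $value := .Values.dashboardProviders }}
+{{ $key }}: |
+{{- toYaml $value | nindent 2 }}
+{{- end }}
+
+{{- if .Values.dashboards }}
+download_dashboards.sh: |
+#!/usr/bin/env sh
+set -euf
+{{- if .Values.dashboardProviders }}
+{{- range $key, $value := .Values.dashboardProviders }}
+{{- range $value.providers }}
+mkdir -p {{ .options.path }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{ $dashboardProviders := .Values.dashboardProviders }}
+{{- range $provider, $dashboards := .Values.dashboards }}
+{{- range $key, $value := $dashboards }}
+{{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
+curl -skf \
+--connect-timeout 60 \
+--max-time 60 \
+{{- if not $value.b64content }}
+{{- if not $value.acceptHeader }}
+-H "Accept: application/json" \
+{{- else }}
+-H "Accept: {{ $value.acceptHeader }}" \
+{{- end }}
+{{- if $value.token }}
+-H "Authorization: token {{ $value.token }}" \
+{{- end }}
+{{- if $value.bearerToken }}
+-H "Authorization: Bearer {{ $value.bearerToken }}" \
+{{- end }}
+{{- if $value.basic }}
+-H "Authorization: Basic {{ $value.basic }}" \
+{{- end }}
+{{- if $value.gitlabToken }}
+-H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \
+{{- end }}
+-H "Content-Type: application/json;charset=UTF-8" \
+{{- end }}
+{{- $dpPath := "" -}}
+{{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers }}
+{{- if eq $kd.name $provider }}
+{{- $dpPath = $kd.options.path }}
+{{- end }}
+{{- end }}
+{{- if $value.url }}
+"{{ $value.url }}" \
+{{- else }}
+"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \
+{{- end }}
+{{- if $value.datasource }}
+{{- if kindIs "string" $value.datasource }}
+| sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \
+{{- end }}
+{{- if kindIs "slice" $value.datasource }}
+{{- range $value.datasource }}
+| sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if $value.b64content }}
+| base64 -d \
+{{- end }}
+> "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json"
+{{ end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Generate dashboard json config map data
+*/}}
+{{- define "grafana.configDashboardProviderData" -}}
+provider.yaml: |-
+apiVersion: 1
+providers:
+- name: '{{ .Values.sidecar.dashboards.provider.name }}'
+orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
+{{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
+folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
+folderUid: '{{ .Values.sidecar.dashboards.provider.folderUid }}'
+{{- end }}
+type: {{ .Values.sidecar.dashboards.provider.type }}
+disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
+allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }}
+updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }}
+options:
+foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
+path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
+{{- end -}}
+
+{{- define "grafana.secretsData" -}}
+{{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
+admin-user: {{ .Values.adminUser | b64enc | quote }}
+{{- if .Values.adminPassword }}
+admin-password: {{ .Values.adminPassword | b64enc | quote }}
+{{- else }}
+admin-password: {{ include "grafana.password" . }}
+{{- end }}
+{{- end }}
+{{- if not .Values.ldap.existingSecret }}
+ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }}
+{{- end }}
+{{- end -}}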
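Review bot: The generated `download_dashboards.sh` fetches dashboards with `curl -skf`, and `-k` turns off TLS certificate verification on the same request that may carry the `Authorization` or `PRIVATE-TOKEN` headers, so the credential would be sent to an endpoint whose identity was never checked and the returned dashboard JSON is not authenticated; `curl -sf \` keeps the fail-on-error behaviour and restores verification. The `token`, `bearerToken`, `basic` and `gitlabToken` values are also written in clear text into this script, and `configmap.yaml` places the output of `grafana.configData` under a ConfigMap's `data:`, so anyone allowed to read ConfigMaps in the namespace can read them. Prefer dashboard sources that need no credential, or supply the credential from a Secret instead of chart values. This file appears to be a copy of the upstream Grafana chart, so the change may be better kept as a documented local patch or raised upstream.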
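--- /dev/null
+++ b/manifests/grafana/templates/_helpers.tpl
@@ -0,0 +1,274 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "grafana.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "grafana.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "grafana.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create the name of the service account
+*/}}
+{{- define "grafana.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "grafana.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "grafana.serviceAccountNameTest" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.nameTest }}
+{{- end }}
+{{- end }}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "grafana.namespace" -}}
+{{- if .Values.namespaceOverride }}
+{{- .Values.namespaceOverride }}
+{{- else }}
+{{- .Release.Namespace }}
+{{- end }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "grafana.labels" -}}
+helm.sh/chart: {{ include "grafana.chart" . }}
+{{ include "grafana.selectorLabels" . }}
+{{- if or .Chart.AppVersion .Values.image.tag }}
+app.kubernetes.io/version: {{ mustRegexReplaceAllLiteral "@sha.*" .Values.image.tag "" | default .Chart.AppVersion | trunc 63 | trimSuffix "-" | quote }}
+{{- end }}
+{{- with .Values.extraLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "grafana.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "grafana.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "grafana.imageRenderer.labels" -}}
+helm.sh/chart: {{ include "grafana.chart" . }}
+{{ include "grafana.imageRenderer.selectorLabels" . }}
+{{- if or .Chart.AppVersion .Values.image.tag }}
+app.kubernetes.io/version: {{ mustRegexReplaceAllLiteral "@sha.*" .Values.image.tag "" | default .Chart.AppVersion | trunc 63 | trimSuffix "-" | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels ImageRenderer
+*/}}
+{{- define "grafana.imageRenderer.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Looks if there's an existing secret and reuse its password. If not it generates
+new password and use it.
+*/}}
+{{- define "grafana.password" -}}
+{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) }}
+{{- if $secret }}
+{{- index $secret "data" "admin-password" }}
+{{- else }}
+{{- (randAlphaNum 40) | b64enc | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Return the appropriate apiVersion for rbac.
+*/}}
+{{- define "grafana.rbac.apiVersion" -}}
+{{- if $.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
+{{- print "rbac.authorization.k8s.io/v1" }}
+{{- else }}
+{{- print "rbac.authorization.k8s.io/v1beta1" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "grafana.ingress.apiVersion" -}}
+{{- if and ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) }}
+{{- print "networking.k8s.io/v1" }}
+{{- else if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+{{- print "networking.k8s.io/v1beta1" }}
+{{- else }}
+{{- print "extensions/v1beta1" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Return the appropriate apiVersion for Horizontal Pod Autoscaler.
+*/}}
+{{- define "grafana.hpa.apiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
+{{- print "autoscaling/v2" }}
+{{- else }}
+{{- print "autoscaling/v2beta2" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Return the appropriate apiVersion for podDisruptionBudget.
+*/}}
+{{- define "grafana.podDisruptionBudget.apiVersion" -}}
+{{- if $.Values.podDisruptionBudget.apiVersion }}
+{{- print $.Values.podDisruptionBudget.apiVersion }}
+{{- else if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
+{{- print "policy/v1" }}
+{{- else }}
+{{- print "policy/v1beta1" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Return if ingress is stable.
+*/}}
+{{- define "grafana.ingress.isStable" -}}
+{{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" }}
+{{- end }}
+
+{{/*
+Return if ingress supports ingressClassName.
+*/}}
+{{- define "grafana.ingress.supportsIngressClassName" -}}
+{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }}
+{{- end }}
+
+{{/*
+Return if ingress supports pathType.
+*/}}
+{{- define "grafana.ingress.supportsPathType" -}}
+{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) }}
+{{- end }}
+
+{{/*
+Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific imagePullSecrets})
+*/}}
+{{- define "grafana.imagePullSecrets" -}}
+{{- $root := .root }}
+{{- range (concat .root.Values.global.imagePullSecrets .imagePullSecrets) }}
+{{- if eq (typeOf .) "map[string]interface {}" }}
+- {{ toYaml (dict "name" (tpl .name $root)) | trim }}
+{{- else }}
+- name: {{ tpl . $root }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Checks whether or not the configSecret secret has to be created
+*/}}
+{{- define "grafana.shouldCreateConfigSecret" -}}
+{{- $secretFound := false -}}
+{{- range $key, $value := .Values.datasources }}
+{{- if hasKey $value "secret" }}
+{{- $secretFound = true}}
+{{- end }}
+{{- end }}
+{{- range $key, $value := .Values.notifiers }}
+{{- if hasKey $value "secret" }}
+{{- $secretFound = true}}
+{{- end }}
+{{- end }}
+{{- range $key, $value := .Values.alerting }}
+{{- if (or (hasKey $value "secret") (hasKey $value "secretFile")) }}
+{{- $secretFound = true}}
+{{- end }}
+{{- end }}
+{{- $secretFound}}
+{{- end -}}
+
+{{/*
+Checks whether the user is attempting to store secrets in plaintext
+in the grafana.ini configmap
+*/}}
+{{/* grafana.assertNoLeakedSecrets checks for sensitive keys in values */}}
+{{- define "grafana.assertNoLeakedSecrets" -}}
+{{- $sensitiveKeysYaml := `
+sensitiveKeys:
+- path: ["database", "password"]
+- path: ["smtp", "password"]
+- path: ["security", "secret_key"]
+- path: ["security", "admin_password"]
+- path: ["auth.basic", "password"]
+- path: ["auth.ldap", "bind_password"]
+- path: ["auth.google", "client_secret"]
+- path: ["auth.github", "client_secret"]
+- path: ["auth.gitlab", "client_secret"]
+- path: ["auth.generic_oauth", "client_secret"]
+- path: ["auth.okta", "client_secret"]
+- path: ["auth.azuread", "client_secret"]
+- path: ["auth.grafana_com", "client_secret"]
+- path: ["auth.grafananet", "client_secret"]
+- path: ["azure", "user_identity_client_secret"]
+- path: ["unified_alerting", "ha_redis_password"]
+- path: ["metrics", "basic_auth_password"]
+- path: ["external_image_storage.s3", "secret_key"]
+- path: ["external_image_storage.webdav", "password"]
+- path: ["external_image_storage.azure_blob", "account_key"]
+` | fromYaml -}}
+{{- if $.Values.assertNoLeakedSecrets -}}
+{{- $grafanaIni := index .Values "grafana.ini" -}}
+{{- range $_, $secret := $sensitiveKeysYaml.sensitiveKeys -}}
+{{- $currentMap := $grafanaIni -}}
+{{- $shouldContinue := true -}}
+{{- range $index, $elem := $secret.path -}}
+{{- if and $shouldContinue (hasKey $currentMap $elem) -}}
+{{- if eq (len $secret.path) (add1 $index) -}}
+{{- if not (regexMatch "\\$(?:__(?:env|file|vault))?{[^}]+}" (index $currentMap $elem)) -}}
+{{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead. You can disable this client-side validation by changing the value of assertNoLeakedSecrets." (join "." $secret.path)) -}}
+{{- end -}}
+{{- else -}}
+{{- $currentMap = index $currentMap $elem -}}
+{{- end -}}
+{{- else -}}
+{{- $shouldContinue = false -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}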
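Review bot: `grafana.password` relies on `lookup` to find the existing Secret, and `lookup` returns an empty result whenever the chart is rendered without cluster access (`helm template`, which is presumably how Argo CD will render these manifests), so the `else` branch would emit a fresh `randAlphaNum 40` password on every render. If that is the case here, the admin Secret and the `checksum/secret` pod annotation in `deployment.yaml` change on each sync, which leaves the application permanently out of sync or rotates the admin password and restarts the pod unexpectedly. Setting `admin.existingSecret` in values makes the guard in `grafana.secretsData` skip both `admin-user` and `admin-password`, so the credential can be managed outside the chart. A comment on the helper such as `{{/* lookup is empty under helm template; set admin.existingSecret for GitOps rendering */}}` would record the constraint.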
1329
manifests/grafana/templates/_pod.tpl
Normal file
1329
manifests/grafana/templates/_pod.tpl
Normal file
File diff suppressed because it is too large
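--- /dev/null
+++ b/manifests/grafana/templates/clusterrole.yaml
@@ -0,0 +1,25 @@
+{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingClusterRole) }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ include "grafana.fullname" . }}-clusterrole
+{{- if or .Values.sidecar.dashboards.enabled .Values.rbac.extraClusterRoleRules .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }}
+rules:
+{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.sidecar.alerts.enabled }}
+- apiGroups: [""] # "" indicates the core API group
+resources: ["configmaps", "secrets"]
+verbs: ["get", "watch", "list"]
+{{- end}}
+{{- with .Values.rbac.extraClusterRoleRules }}
+{{- toYaml . | nindent 2 }}
+{{- end}}
+{{- else }}
+rules: []
+{{- end}}
+{{- end}}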
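Review bot: The rule `resources: ["configmaps", "secrets"]` with `verbs: ["get", "watch", "list"]` sits in a ClusterRole, so enabling any of the dashboards, datasources, plugins or alerts sidecars gives the Grafana service account read access to every Secret in every namespace through the binding in `clusterrolebinding.yaml`. The outer condition shows the ClusterRole is not rendered when `rbac.namespaced` is set and `rbac.extraClusterRoleRules` is empty, so `rbac.namespaced: true` in this repository's values is the least-privilege setting unless sidecar resources really must be collected across namespaces. If cluster-wide discovery is required, consider whether the rule can be limited to `configmaps`. Whether the namespaced Role template carries the same rule cannot be seen from this section.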
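--- /dev/null
+++ b/manifests/grafana/templates/clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: {{ include "grafana.fullname" . }}-clusterrolebinding
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+subjects:
+- kind: ServiceAccount
+name: {{ include "grafana.serviceAccountName" . }}
+namespace: {{ include "grafana.namespace" . }}
+roleRef:
+kind: ClusterRole
+{{- if .Values.rbac.useExistingClusterRole }}
+name: {{ .Values.rbac.useExistingClusterRole }}
+{{- else }}
+name: {{ include "grafana.fullname" . }}-clusterrole
+{{- end }}
+apiGroup: rbac.authorization.k8s.io
+{{- end }}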
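--- /dev/null
+++ b/manifests/grafana/templates/configSecret.yaml
@@ -0,0 +1,43 @@
+{{- $createConfigSecret := eq (include "grafana.shouldCreateConfigSecret" .) "true" -}}
+{{- if and .Values.createConfigmap $createConfigSecret }}
+{{- $files := .Files }}
+{{- $root := . -}}
+apiVersion: v1
+kind: Secret
+metadata:
+name: "{{ include "grafana.fullname" . }}-config-secret"
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+data:
+{{- range $key, $value := .Values.alerting }}
+{{- if (hasKey $value "secretFile") }}
+{{- $key | nindent 2 }}:
+{{- toYaml ( $files.Get $value.secretFile ) | b64enc | nindent 4}}
+{{/* as of https://helm.sh/docs/chart_template_guide/accessing_files/ this will only work if you fork this chart and add files to it*/}}
+{{- end }}
+{{- end }}
+stringData:
+{{- range $key, $value := .Values.datasources }}
+{{- if (hasKey $value "secret") }}
+{{- $key | nindent 2 }}: |
+{{- tpl (toYaml $value.secret | nindent 4) $root }}
+{{- end }}
+{{- end }}
+{{- range $key, $value := .Values.notifiers }}
+{{- if (hasKey $value "secret") }}
+{{- $key | nindent 2 }}: |
+{{- tpl (toYaml $value.secret | nindent 4) $root }}
+{{- end }}
+{{- end }}
+{{- range $key, $value := .Values.alerting }}
+{{ if (hasKey $value "secret") }}
+{{- $key | nindent 2 }}: |
+{{- tpl (toYaml $value.secret | nindent 4) $root }}
+{{- end }}
+{{- end }}
+{{- end }}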
@ -0,0 +1,15 @@
|
||||
{{- if and .Values.sidecar.dashboards.enabled .Values.sidecar.dashboards.SCProvider }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "grafana.fullname" . }}-config-dashboards
|
||||
namespace: {{ include "grafana.namespace" . }}
|
||||
data:
|
||||
{{- include "grafana.configDashboardProviderData" . | nindent 2 }}
|
||||
{{- end }}
|
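--- /dev/null
+++ b/manifests/grafana/templates/configmap.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.createConfigmap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- if or .Values.configMapAnnotations .Values.annotations }}
+annotations:
+{{- with .Values.annotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.configMapAnnotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
+data:
+{{- include "grafana.configData" . | nindent 2 }}
+{{- end }}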
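--- /dev/null
+++ b/manifests/grafana/templates/dashboards-json-configmap.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.dashboards }}
+{{ $files := .Files }}
+{{- range $provider, $dashboards := .Values.dashboards }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ include "grafana.fullname" $ }}-dashboards-{{ $provider }}
+namespace: {{ include "grafana.namespace" $ }}
+labels:
+{{- include "grafana.labels" $ | nindent 4 }}
+dashboard-provider: {{ $provider }}
+{{- if $dashboards }}
+data:
+{{- $dashboardFound := false }}
+{{- range $key, $value := $dashboards }}
+{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
+{{- $dashboardFound = true }}
+{{- print $key | nindent 2 }}.json:
+{{- if hasKey $value "json" }}
+|-
+{{- $value.json | nindent 6 }}
+{{- end }}
+{{- if hasKey $value "file" }}
+{{- toYaml ( $files.Get $value.file ) | nindent 4}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if not $dashboardFound }}
+{}
+{{- end }}
+{{- end }}
+---
+{{- end }}
+
+{{- end }}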
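--- /dev/null
+++ b/manifests/grafana/templates/deployment.yaml
@@ -0,0 +1,53 @@
+{{- if (and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc"))) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- if (not .Values.autoscaling.enabled) }}
+replicas: {{ .Values.replicas }}
+{{- end }}
+revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+selector:
+matchLabels:
+{{- include "grafana.selectorLabels" . | nindent 6 }}
+{{- with .Values.deploymentStrategy }}
+strategy:
+{{- toYaml . | trim | nindent 4 }}
+{{- end }}
+template:
+metadata:
+labels:
+{{- include "grafana.selectorLabels" . | nindent 8 }}
+{{- with .Values.podLabels }}
+{{- toYaml . | nindent 8 }}
+{{- end }}
+annotations:
+checksum/config: {{ include "grafana.configData" . | sha256sum }}
+{{- if .Values.dashboards }}
+checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
+{{- end }}
+checksum/sc-dashboard-provider-config: {{ include "grafana.configDashboardProviderData" . | sha256sum }}
+{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+checksum/secret: {{ include "grafana.secretsData" . | sha256sum }}
+{{- end }}
+{{- if .Values.envRenderSecret }}
+checksum/secret-env: {{ tpl (toYaml .Values.envRenderSecret) . | sha256sum }}
+{{- end }}
+kubectl.kubernetes.io/default-container: {{ .Chart.Name }}
+{{- with .Values.podAnnotations }}
+{{- toYaml . | nindent 8 }}
+{{- end }}
+spec:
+{{- include "grafana.pod" . | nindent 6 }}
+{{- end }}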
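--- /dev/null
+++ b/manifests/grafana/templates/extra-manifests.yaml
@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}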
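--- /dev/null
+++ b/manifests/grafana/templates/headless-service.yaml
@@ -0,0 +1,22 @@
+{{- $sts := list "sts" "StatefulSet" "statefulset" -}}
+{{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)) }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "grafana.fullname" . }}-headless
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+clusterIP: None
+selector:
+{{- include "grafana.selectorLabels" . | nindent 4 }}
+type: ClusterIP
+ports:
+- name: {{ .Values.gossipPortName }}-tcp
+port: 9094
+{{- end }}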
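--- /dev/null
+++ b/manifests/grafana/templates/hpa.yaml
@@ -0,0 +1,51 @@
+{{- $sts := list "sts" "StatefulSet" "statefulset" -}}
+{{- if .Values.autoscaling.enabled }}
+apiVersion: {{ include "grafana.hpa.apiVersion" . }}
+kind: HorizontalPodAutoscaler
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+app.kubernetes.io/name: {{ include "grafana.name" . }}
+helm.sh/chart: {{ include "grafana.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+scaleTargetRef:
+apiVersion: apps/v1
+{{- if has .Values.persistence.type $sts }}
+kind: StatefulSet
+{{- else }}
+kind: Deployment
+{{- end }}
+name: {{ include "grafana.fullname" . }}
+minReplicas: {{ .Values.autoscaling.minReplicas }}
+maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+metrics:
+{{- if .Values.autoscaling.targetMemory }}
+- type: Resource
+resource:
+name: memory
+{{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }}
+targetAverageUtilization: {{ .Values.autoscaling.targetMemory }}
+{{- else }}
+target:
+type: Utilization
+averageUtilization: {{ .Values.autoscaling.targetMemory }}
+{{- end }}
+{{- end }}
+{{- if .Values.autoscaling.targetCPU }}
+- type: Resource
+resource:
+name: cpu
+{{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }}
+targetAverageUtilization: {{ .Values.autoscaling.targetCPU }}
+{{- else }}
+target:
+type: Utilization
+averageUtilization: {{ .Values.autoscaling.targetCPU }}
+{{- end }}
+{{- end }}
+{{- if .Values.autoscaling.behavior }}
+behavior: {{ toYaml .Values.autoscaling.behavior | nindent 4 }}
+{{- end }}
+{{- end }}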
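--- a/manifests/grafana/templates/image-renderer-deployment.yaml
+++ b/manifests/grafana/templates/image-renderer-deployment.yaml
@@ -0,0 +1,199 @@
+{{ if .Values.imageRenderer.enabled }}
+{{- $root := . -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ include "grafana.fullname" . }}-image-renderer
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
+{{- with .Values.imageRenderer.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.imageRenderer.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- if and (not .Values.imageRenderer.autoscaling.enabled) (.Values.imageRenderer.replicas) }}
+replicas: {{ .Values.imageRenderer.replicas }}
+{{- end }}
+revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }}
+selector:
+matchLabels:
+{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
+
+{{- with .Values.imageRenderer.deploymentStrategy }}
+strategy:
+{{- toYaml . | trim | nindent 4 }}
+{{- end }}
+template:
+metadata:
+labels:
+{{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }}
+{{- with .Values.imageRenderer.podLabels }}
+{{- toYaml . | nindent 8 }}
+{{- end }}
+annotations:
+checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+{{- with .Values.imageRenderer.podAnnotations }}
+{{- toYaml . | nindent 8 }}
+{{- end }}
+spec:
+{{- with .Values.imageRenderer.schedulerName }}
+schedulerName: "{{ . }}"
+{{- end }}
+{{- with .Values.imageRenderer.serviceAccountName }}
+serviceAccountName: "{{ . }}"
+{{- end }}
+{{- with .Values.imageRenderer.securityContext }}
+securityContext:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.imageRenderer.hostAliases }}
+hostAliases:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.imageRenderer.priorityClassName }}
+priorityClassName: {{ . }}
+{{- end }}
+{{- with .Values.imageRenderer.image.pullSecrets }}
+imagePullSecrets:
+{{- range . }}
+- name: {{ tpl . $root }}
+{{- end}}
+{{- end }}
+containers:
+- name: {{ .Chart.Name }}-image-renderer
+{{- $registry := .Values.global.imageRegistry | default .Values.imageRenderer.image.registry -}}
+{{- if .Values.imageRenderer.image.sha }}
+image: "{{ $registry }}/{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}"
+{{- else }}
+image: "{{ $registry }}/{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}"
+{{- end }}
+imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }}
+{{- if .Values.imageRenderer.command }}
+command:
+{{- range .Values.imageRenderer.command }}
+- {{ . }}
+{{- end }}
+{{- end}}
+ports:
+- name: {{ .Values.imageRenderer.service.portName }}
+containerPort: {{ .Values.imageRenderer.service.targetPort }}
+protocol: TCP
+livenessProbe:
+httpGet:
+path: /
+port: {{ .Values.imageRenderer.service.portName }}
+env:
+- name: HTTP_PORT
+value: {{ .Values.imageRenderer.service.targetPort | quote }}
+{{- if .Values.imageRenderer.serviceMonitor.enabled }}
+- name: ENABLE_METRICS
+value: "true"
+{{- end }}
+{{- range $key, $value := .Values.imageRenderer.envValueFrom }}
+- name: {{ $key | quote }}
+valueFrom:
+{{- tpl (toYaml $value) $ | nindent 16 }}
+{{- end }}
+{{- range $key, $value := .Values.imageRenderer.env }}
+- name: {{ $key | quote }}
+value: {{ $value | quote }}
+{{- end }}
+{{- with .Values.imageRenderer.containerSecurityContext }}
+securityContext:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+volumeMounts:
+- mountPath: /tmp
+name: image-renderer-tmpfs
+{{- range .Values.imageRenderer.extraConfigmapMounts }}
+- name: {{ tpl .name $root }}
+mountPath: {{ tpl .mountPath $root }}
+subPath: {{ tpl (.subPath | default "") $root }}
+readOnly: {{ .readOnly }}
+{{- end }}
+{{- range .Values.imageRenderer.extraSecretMounts }}
+- name: {{ .name }}
+mountPath: {{ .mountPath }}
+readOnly: {{ .readOnly }}
+subPath: {{ .subPath | default "" }}
+{{- end }}
+{{- range .Values.imageRenderer.extraVolumeMounts }}
+- name: {{ .name }}
+mountPath: {{ .mountPath }}
+subPath: {{ .subPath | default "" }}
+readOnly: {{ .readOnly }}
+{{- end }}
+{{- with .Values.imageRenderer.resources }}
+resources:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+{{- with .Values.imageRenderer.nodeSelector }}
+nodeSelector:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.imageRenderer.affinity }}
+affinity:
+{{- tpl (toYaml .) $root | nindent 8 }}
+{{- end }}
+{{- with .Values.imageRenderer.tolerations }}
+tolerations:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+volumes:
+- name: image-renderer-tmpfs
+emptyDir: {}
+{{- range .Values.imageRenderer.extraConfigmapMounts }}
+- name: {{ tpl .name $root }}
+configMap:
+name: {{ tpl .configMap $root }}
+{{- with .items }}
+items:
+{{- toYaml . | nindent 14 }}
+{{- end }}
+{{- end }}
+{{- range .Values.imageRenderer.extraSecretMounts }}
+{{- if .secretName }}
+- name: {{ .name }}
+secret:
+secretName: {{ .secretName }}
+defaultMode: {{ .defaultMode }}
+{{- with .items }}
+items:
+{{- toYaml . | nindent 14 }}
+{{- end }}
+{{- else if .projected }}
+- name: {{ .name }}
+projected:
+{{- toYaml .projected | nindent 12 }}
+{{- else if .csi }}
+- name: {{ .name }}
+csi:
+{{- toYaml .csi | nindent 12 }}
+{{- end }}
+{{- end }}
+{{- range .Values.imageRenderer.extraVolumes }}
+- name: {{ .name }}
+{{- if .existingClaim }}
+persistentVolumeClaim:
+claimName: {{ .existingClaim }}
+{{- else if .hostPath }}
+hostPath:
+{{ toYaml .hostPath | nindent 12 }}
+{{- else if .csi }}
+csi:
+{{- toYaml .csi | nindent 12 }}
+{{- else if .configMap }}
+configMap:
+{{- toYaml .configMap | nindent 12 }}
+{{- else if .emptyDir }}
+emptyDir:
+{{- toYaml .emptyDir | nindent 12 }}
+{{- else }}
+emptyDir: {}
+{{- end }}
+{{- end }}
+{{- end }}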
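Review bot: Neither `securityContext` block in this Deployment has a default: the pod-level one and the container-level one are each wrapped in `with .Values.imageRenderer…`, so with those values unset the renderer runs with whatever the image and container runtime default to. The values file is not part of this section, so confirm it sets at least `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]`, and add a comment above the container block such as `# hardening comes only from imageRenderer.containerSecurityContext; nothing is applied when it is empty`. The image line also falls back to a mutable `repository:tag` reference when `imageRenderer.image.sha` is empty, so pinning the digest in values is worth doing for a deployment synced from Git.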
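--- a/manifests/grafana/templates/image-renderer-hpa.yaml
+++ b/manifests/grafana/templates/image-renderer-hpa.yaml
@@ -0,0 +1,46 @@
+{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.autoscaling.enabled }}
+apiVersion: {{ include "grafana.hpa.apiVersion" . }}
+kind: HorizontalPodAutoscaler
+metadata:
+name: {{ include "grafana.fullname" . }}-image-renderer
+namespace: {{ include "grafana.namespace" . }}
+labels:
+app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer
+helm.sh/chart: {{ include "grafana.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+scaleTargetRef:
+apiVersion: apps/v1
+kind: Deployment
+name: {{ include "grafana.fullname" . }}-image-renderer
+minReplicas: {{ .Values.imageRenderer.autoscaling.minReplicas }}
+maxReplicas: {{ .Values.imageRenderer.autoscaling.maxReplicas }}
+metrics:
+{{- if .Values.imageRenderer.autoscaling.targetMemory }}
+- type: Resource
+resource:
+name: memory
+{{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }}
+targetAverageUtilization: {{ .Values.imageRenderer.autoscaling.targetMemory }}
+{{- else }}
+target:
+type: Utilization
+averageUtilization: {{ .Values.imageRenderer.autoscaling.targetMemory }}
+{{- end }}
+{{- end }}
+{{- if .Values.imageRenderer.autoscaling.targetCPU }}
+- type: Resource
+resource:
+name: cpu
+{{- if eq (include "grafana.hpa.apiVersion" .) "autoscaling/v2beta1" }}
+targetAverageUtilization: {{ .Values.imageRenderer.autoscaling.targetCPU }}
+{{- else }}
+target:
+type: Utilization
+averageUtilization: {{ .Values.imageRenderer.autoscaling.targetCPU }}
+{{- end }}
+{{- end }}
+{{- if .Values.imageRenderer.autoscaling.behavior }}
+behavior: {{ toYaml .Values.imageRenderer.autoscaling.behavior | nindent 4 }}
+{{- end }}
+{{- end }}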
@ -0,0 +1,79 @@
|
||||
{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.networkPolicy.limitIngress }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "grafana.fullname" . }}-image-renderer-ingress
|
||||
namespace: {{ include "grafana.namespace" . }}
|
||||
annotations:
|
||||
comment: Limit image-renderer ingress traffic from grafana
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
|
||||
{{- with .Values.imageRenderer.podLabels }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- ports:
|
||||
- port: {{ .Values.imageRenderer.service.targetPort }}
|
||||
protocol: TCP
|
||||
from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: {{ include "grafana.namespace" . }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "grafana.selectorLabels" . | nindent 14 }}
|
||||
{{- with .Values.podLabels }}
|
||||
{{- toYaml . | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- with .Values.imageRenderer.networkPolicy.extraIngressSelectors -}}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.networkPolicy.limitEgress }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ include "grafana.fullname" . }}-image-renderer-egress
|
||||
namespace: {{ include "grafana.namespace" . }}
|
||||
annotations:
|
||||
comment: Limit image-renderer egress traffic to grafana
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
|
||||
{{- with .Values.imageRenderer.podLabels }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
policyTypes:
|
||||
- Egress
|
||||
egress:
|
||||
# allow dns resolution
|
||||
- ports:
|
||||
- port: 53
|
||||
protocol: UDP
|
||||
- port: 53
|
||||
protocol: TCP
|
||||
# talk only to grafana
|
||||
- ports:
|
||||
- port: {{ .Values.service.targetPort }}
|
||||
protocol: TCP
|
||||
to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: {{ include "grafana.namespace" . }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- include "grafana.selectorLabels" . | nindent 14 }}
|
||||
{{- with .Values.podLabels }}
|
||||
{{- toYaml . | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
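Review bot: The first egress rule (`# allow dns resolution`) has no `to:` selector, so the renderer may send traffic on port 53 to any address, which leaves an unfiltered path out of a policy whose annotation says it limits egress to Grafana. Restrict that rule to the cluster resolver. The selector below uses the labels most clusters put on CoreDNS/kube-dns and its indentation is assumed, since the page has lost the template's indentation; check both against this cluster and chart before merging.

```yaml
    # allow dns resolution
    - ports:
        # … unchanged: 53/UDP and 53/TCP port entries …
      to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
```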
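--- a/manifests/grafana/templates/image-renderer-service.yaml
+++ b/manifests/grafana/templates/image-renderer-service.yaml
@@ -0,0 +1,31 @@
+{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "grafana.fullname" . }}-image-renderer
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
+{{- with .Values.imageRenderer.service.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.imageRenderer.service.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+type: ClusterIP
+{{- with .Values.imageRenderer.service.clusterIP }}
+clusterIP: {{ . }}
+{{- end }}
+ports:
+- name: {{ .Values.imageRenderer.service.portName }}
+port: {{ .Values.imageRenderer.service.port }}
+protocol: TCP
+targetPort: {{ .Values.imageRenderer.service.targetPort }}
+{{- with .Values.imageRenderer.appProtocol }}
+appProtocol: {{ . }}
+{{- end }}
+selector:
+{{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }}
+{{- end }}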
@ -0,0 +1,48 @@
|
||||
{{- if .Values.imageRenderer.serviceMonitor.enabled }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ include "grafana.fullname" . }}-image-renderer
|
||||
{{- if .Values.imageRenderer.serviceMonitor.namespace }}
|
||||
namespace: {{ tpl .Values.imageRenderer.serviceMonitor.namespace . }}
|
||||
{{- else }}
|
||||
namespace: {{ include "grafana.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
|
||||
{{- with .Values.imageRenderer.serviceMonitor.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
endpoints:
|
||||
- port: {{ .Values.imageRenderer.service.portName }}
|
||||
{{- with .Values.imageRenderer.serviceMonitor.interval }}
|
||||
interval: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.imageRenderer.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ . }}
|
||||
{{- end }}
|
||||
honorLabels: true
|
||||
path: {{ .Values.imageRenderer.serviceMonitor.path }}
|
||||
scheme: {{ .Values.imageRenderer.serviceMonitor.scheme }}
|
||||
{{- with .Values.imageRenderer.serviceMonitor.tlsConfig }}
|
||||
tlsConfig:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.imageRenderer.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
jobLabel: "{{ .Release.Name }}-image-renderer"
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ include "grafana.namespace" . }}
|
||||
{{- with .Values.imageRenderer.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
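Review bot: `honorLabels: true` is hard-coded on the endpoint, so labels exposed by the scraped target win over the ones Prometheus attaches (`job`, `instance`, namespace), and a misbehaving or compromised renderer pod can relabel its own series; the same line appears in servicemonitor.yaml for Grafana itself. Unless something depends on it, set `honorLabels: false`, or read it from values with `honorLabels: {{ .Values.imageRenderer.serviceMonitor.honorLabels | default false }}` (that values key would be new). The template is also gated only on `imageRenderer.serviceMonitor.enabled`, while the Deployment and Service additionally require `imageRenderer.enabled`, so the monitor can be rendered with nothing to select; `{{- if and .Values.imageRenderer.enabled .Values.imageRenderer.serviceMonitor.enabled }}` would match the other templates.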
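--- a/manifests/grafana/templates/ingress.yaml
+++ b/manifests/grafana/templates/ingress.yaml
@@ -0,0 +1,78 @@
+{{- if .Values.ingress.enabled -}}
+{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}}
+{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}}
+{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}}
+{{- $fullName := include "grafana.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $ingressPathType := .Values.ingress.pathType -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+apiVersion: {{ include "grafana.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+name: {{ $fullName }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.ingress.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.ingress.annotations }}
+annotations:
+{{- range $key, $value := . }}
+{{ $key }}: {{ tpl $value $ | quote }}
+{{- end }}
+{{- end }}
+spec:
+{{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }}
+ingressClassName: {{ .Values.ingress.ingressClassName }}
+{{- end -}}
+{{- with .Values.ingress.tls }}
+tls:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+rules:
+{{- if .Values.ingress.hosts }}
+{{- range .Values.ingress.hosts }}
+- host: {{ tpl . $ | quote }}
+http:
+paths:
+{{- with $extraPaths }}
+{{- toYaml . | nindent 10 }}
+{{- end }}
+- path: {{ $ingressPath }}
+{{- if $ingressSupportsPathType }}
+pathType: {{ $ingressPathType }}
+{{- end }}
+backend:
+{{- if $ingressApiIsStable }}
+service:
+name: {{ $fullName }}
+port:
+number: {{ $servicePort }}
+{{- else }}
+serviceName: {{ $fullName }}
+servicePort: {{ $servicePort }}
+{{- end }}
+{{- end }}
+{{- else }}
+- http:
+paths:
+- backend:
+{{- if $ingressApiIsStable }}
+service:
+name: {{ $fullName }}
+port:
+number: {{ $servicePort }}
+{{- else }}
+serviceName: {{ $fullName }}
+servicePort: {{ $servicePort }}
+{{- end }}
+{{- with $ingressPath }}
+path: {{ . }}
+{{- end }}
+{{- if $ingressSupportsPathType }}
+pathType: {{ $ingressPathType }}
+{{- end }}
+{{- end -}}
+{{- end }}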
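--- a/manifests/grafana/templates/networkpolicy.yaml
+++ b/manifests/grafana/templates/networkpolicy.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+policyTypes:
+{{- if .Values.networkPolicy.ingress }}
+- Ingress
+{{- end }}
+{{- if .Values.networkPolicy.egress.enabled }}
+- Egress
+{{- end }}
+podSelector:
+matchLabels:
+{{- include "grafana.selectorLabels" . | nindent 6 }}
+
+{{- if .Values.networkPolicy.egress.enabled }}
+egress:
+{{- if not .Values.networkPolicy.egress.blockDNSResolution }}
+- ports:
+- port: 53
+protocol: UDP
+{{- end }}
+- ports:
+{{ .Values.networkPolicy.egress.ports | toJson }}
+{{- with .Values.networkPolicy.egress.to }}
+to:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+{{- end }}
+{{- if .Values.networkPolicy.ingress }}
+ingress:
+- ports:
+- port: {{ .Values.service.targetPort }}
+{{- if not .Values.networkPolicy.allowExternal }}
+from:
+- podSelector:
+matchLabels:
+{{ include "grafana.fullname" . }}-client: "true"
+{{- with .Values.networkPolicy.explicitNamespacesSelector }}
+- namespaceSelector:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+- podSelector:
+matchLabels:
+{{- include "grafana.labels" . | nindent 14 }}
+role: read
+{{- end }}
+{{- end }}
+{{- end }}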
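Review bot: The DNS egress rule opens only `53/UDP`, unlike the image-renderer policy in this commit, which allows both UDP and TCP; resolvers fall back to TCP for truncated answers, so lookups with large responses will fail once `networkPolicy.egress.enabled` is on. Add `- port: 53` with `protocol: TCP` next to the UDP entry. The rule also has no `to:` selector, so port 53 is open to any destination rather than only the cluster DNS service.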
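--- a/manifests/grafana/templates/poddisruptionbudget.yaml
+++ b/manifests/grafana/templates/poddisruptionbudget.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.podDisruptionBudget }}
+apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- with .Values.podDisruptionBudget.minAvailable }}
+minAvailable: {{ . }}
+{{- end }}
+{{- with .Values.podDisruptionBudget.maxUnavailable }}
+maxUnavailable: {{ . }}
+{{- end }}
+selector:
+matchLabels:
+{{- include "grafana.selectorLabels" . | nindent 6 }}
+{{- end }}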
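--- a/manifests/grafana/templates/podsecuritypolicy.yaml
+++ b/manifests/grafana/templates/podsecuritypolicy.yaml
@@ -0,0 +1,49 @@
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+name: {{ include "grafana.fullname" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+annotations:
+seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+{{- if .Values.rbac.pspUseAppArmor }}
+apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+{{- end }}
+spec:
+privileged: false
+allowPrivilegeEscalation: false
+requiredDropCapabilities:
+# Default set from Docker, with DAC_OVERRIDE and CHOWN
+- ALL
+volumes:
+- 'configMap'
+- 'emptyDir'
+- 'projected'
+- 'csi'
+- 'secret'
+- 'downwardAPI'
+- 'persistentVolumeClaim'
+hostNetwork: false
+hostIPC: false
+hostPID: false
+runAsUser:
+rule: 'RunAsAny'
+seLinux:
+rule: 'RunAsAny'
+supplementalGroups:
+rule: 'MustRunAs'
+ranges:
+# Forbid adding the root group.
+- min: 1
+max: 65535
+fsGroup:
+rule: 'MustRunAs'
+ranges:
+# Forbid adding the root group.
+- min: 1
+max: 65535
+readOnlyRootFilesystem: false
+{{- end }}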
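Review bot: `runAsUser` is `rule: 'RunAsAny'`, so this policy admits containers running as UID 0 even though `supplementalGroups` and `fsGroup` are both restricted to forbid the root group; `rule: 'MustRunAsNonRoot'` would be consistent with the rest of the policy, provided the images used here run as a non-root user (not verifiable from this section). The comment above `- ALL` still reads `Default set from Docker, with DAC_OVERRIDE and CHOWN`, which does not describe a list that drops everything; `# Drop every capability` would. PodSecurityPolicy was removed in Kubernetes 1.25, so on current clusters the `Capabilities.APIVersions.Has` guard renders nothing and these constraints need an equivalent under Pod Security admission.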
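--- a/manifests/grafana/templates/pvc.yaml
+++ b/manifests/grafana/templates/pvc.yaml
@@ -0,0 +1,39 @@
+{{- if and (not .Values.useStatefulSet) .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.persistence.extraPvcLabels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.persistence.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.persistence.finalizers }}
+finalizers:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+accessModes:
+{{- range .Values.persistence.accessModes }}
+- {{ . | quote }}
+{{- end }}
+resources:
+requests:
+storage: {{ .Values.persistence.size | quote }}
+{{- if and (.Values.persistence.lookupVolumeName) (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)) }}
+volumeName: {{ (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)).spec.volumeName }}
+{{- end }}
+{{- with .Values.persistence.storageClassName }}
+storageClassName: {{ . }}
+{{- end }}
+{{- with .Values.persistence.selectorLabels }}
+selector:
+matchLabels:
+{{- toYaml . | nindent 6 }}
+{{- end }}
+{{- end }}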
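--- a/manifests/grafana/templates/role.yaml
+++ b/manifests/grafana/templates/role.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)) }}
+rules:
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+- apiGroups: ['extensions']
+resources: ['podsecuritypolicies']
+verbs: ['use']
+resourceNames: [{{ include "grafana.fullname" . }}]
+{{- end }}
+{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled) }}
+- apiGroups: [""] # "" indicates the core API group
+resources: ["configmaps", "secrets"]
+verbs: ["get", "watch", "list"]
+{{- end }}
+{{- with .Values.rbac.extraRoleRules }}
+{{- toYaml . | nindent 2 }}
+{{- end}}
+{{- else }}
+rules: []
+{{- end }}
+{{- end }}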
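Review bot: The sidecar rule grants `get`, `watch` and `list` on every ConfigMap and Secret in the namespace to the Grafana service account whenever `rbac.namespaced` and any sidecar are enabled, so anything able to act as that account can read all Secrets deployed alongside Grafana. RBAC cannot scope `list`/`watch` by label, so the practical mitigations are a dedicated namespace for Grafana and dropping `"secrets"` from `resources` when the sidecars only read ConfigMaps; a comment above the rule such as `# grants read on ALL secrets in the release namespace; keep Grafana in its own namespace` would make the exposure visible. Separately, the PSP rule uses `apiGroups: ['extensions']` while the guard and podsecuritypolicy.yaml use `policy/v1beta1`; `apiGroups: ['policy']` matches the group the policy is created in.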
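--- a/manifests/grafana/templates/rolebinding.yaml
+++ b/manifests/grafana/templates/rolebinding.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+{{- if .Values.rbac.useExistingRole }}
+name: {{ .Values.rbac.useExistingRole }}
+{{- else }}
+name: {{ include "grafana.fullname" . }}
+{{- end }}
+subjects:
+- kind: ServiceAccount
+name: {{ include "grafana.serviceAccountName" . }}
+namespace: {{ include "grafana.namespace" . }}
+{{- end }}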
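--- a/manifests/grafana/templates/route.yaml
+++ b/manifests/grafana/templates/route.yaml
@@ -0,0 +1,44 @@
+{{- range $name, $route := .Values.route }}
+{{- if $route.enabled -}}
+---
+apiVersion: {{ $route.apiVersion | default "gateway.networking.k8s.io/v1" }}
+kind: {{ $route.kind | default "HTTPRoute" }}
+metadata:
+{{- with $route.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+name: {{ template "grafana.fullname" $ }}{{ if ne $name "main" }}-{{ $name }}{{ end }}
+namespace: {{ template "grafana.namespace" $ }}
+labels:
+app: {{ template "grafana.name" $ }}-prometheus
+{{- include "grafana.labels" $ | nindent 4 }}
+{{- with $route.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- with $route.parentRefs }}
+parentRefs:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with $route.hostnames }}
+hostnames:
+{{- tpl (toYaml .) $ | nindent 4 }}
+{{- end }}
+rules:
+{{- if $route.additionalRules }}
+{{- tpl (toYaml $route.additionalRules) $ | nindent 4 }}
+{{- end }}
+- backendRefs:
+- name: {{ include "grafana.fullname" $ }}
+port: {{ $.Values.service.port }}
+{{- with $route.filters }}
+filters:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with $route.matches }}
+matches:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- end }}
+{{- end }}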
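--- a/manifests/grafana/templates/secret-env.yaml
+++ b/manifests/grafana/templates/secret-env.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.envRenderSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ include "grafana.fullname" . }}-env
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{- range $key, $val := .Values.envRenderSecret }}
+{{ $key }}: {{ tpl ($val | toString) $ | b64enc | quote }}
+{{- end }}
+{{- end }}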
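Review bot: Every value under `envRenderSecret` is taken from Helm values, templated and only base64-encoded into the Secret, so using this template means the plaintext lives wherever the values live, which for a repository of manifests synced by Argo CD is most likely Git. A leading template comment would flag it, for example `{{- /* envRenderSecret values are base64-encoded, not encrypted; do not commit real credentials in values */ -}}`. Credentials are better delivered through a pre-existing or externally managed Secret that the values only reference by name.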
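--- a/manifests/grafana/templates/secret.yaml
+++ b/manifests/grafana/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+type: Opaque
+data:
+{{- include "grafana.secretsData" . | nindent 2 }}
+{{- end }}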
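--- a/manifests/grafana/templates/service.yaml
+++ b/manifests/grafana/templates/service.yaml
@@ -0,0 +1,67 @@
+{{- if .Values.service.enabled }}
+{{- $root := . }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.service.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.service.annotations }}
+annotations:
+{{- tpl (toYaml . | nindent 4) $root }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+type: ClusterIP
+{{- with .Values.service.clusterIP }}
+clusterIP: {{ . }}
+{{- end }}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+type: LoadBalancer
+{{- with .Values.service.loadBalancerIP }}
+loadBalancerIP: {{ . }}
+{{- end }}
+{{- with .Values.service.loadBalancerClass }}
+loadBalancerClass: {{ . }}
+{{- end }}
+{{- with .Values.service.loadBalancerSourceRanges }}
+loadBalancerSourceRanges:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- else }}
+type: {{ .Values.service.type }}
+{{- end }}
+{{- if .Values.service.ipFamilyPolicy }}
+ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
+{{- end }}
+{{- if .Values.service.ipFamilies }}
+ipFamilies: {{ .Values.service.ipFamilies | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.service.externalIPs }}
+externalIPs:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.service.externalTrafficPolicy }}
+externalTrafficPolicy: {{ . }}
+{{- end }}
+ports:
+- name: {{ .Values.service.portName }}
+port: {{ .Values.service.port }}
+protocol: TCP
+targetPort: {{ .Values.service.targetPort }}
+{{- with .Values.service.appProtocol }}
+appProtocol: {{ . }}
+{{- end }}
+{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
+nodePort: {{ .Values.service.nodePort }}
+{{- end }}
+{{- with .Values.extraExposePorts }}
+{{- tpl (toYaml . | nindent 4) $root }}
+{{- end }}
+selector:
+{{- include "grafana.selectorLabels" . | nindent 4 }}
+{{- end }}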
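Review bot: In the `LoadBalancer` branch `loadBalancerSourceRanges` is emitted only when set, so a values file that switches `service.type` to `LoadBalancer` without it exposes the Grafana login to every network the load balancer is reachable from. The values used for this deployment are not visible here; if that type is ever selected, set the source ranges alongside it, and add a comment above the branch such as `# LoadBalancer without loadBalancerSourceRanges accepts traffic from any source`.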
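--- a/manifests/grafana/templates/serviceaccount.yaml
+++ b/manifests/grafana/templates/serviceaccount.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.serviceAccount.autoMount | default .Values.serviceAccount.automountServiceAccountToken }}
+metadata:
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.serviceAccount.labels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.serviceAccount.annotations }}
+annotations:
+{{- tpl (toYaml . | nindent 4) $ }}
+{{- end }}
+name: {{ include "grafana.serviceAccountName" . }}
+namespace: {{ include "grafana.namespace" . }}
+{{- end }}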
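Review bot: `.Values.serviceAccount.autoMount | default .Values.serviceAccount.automountServiceAccountToken` cannot express an explicit `false`: `default` treats `false` as empty, so `autoMount: false` falls through to `automountServiceAccountToken`, and the API token is mounted whenever that second key is `true`. If `autoMount` is meant to take precedence when present, test for the key instead, e.g. `{{ if hasKey .Values.serviceAccount "autoMount" }}{{ .Values.serviceAccount.autoMount }}{{ else }}{{ .Values.serviceAccount.automountServiceAccountToken }}{{ end }}`. Which of the two keys the chart's values define by default is not visible in this section, so check that before changing the expression.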
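--- a/manifests/grafana/templates/servicemonitor.yaml
+++ b/manifests/grafana/templates/servicemonitor.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+name: {{ include "grafana.fullname" . }}
+{{- if .Values.serviceMonitor.namespace }}
+namespace: {{ tpl .Values.serviceMonitor.namespace . }}
+{{- else }}
+namespace: {{ include "grafana.namespace" . }}
+{{- end }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.serviceMonitor.labels }}
+{{- tpl (toYaml . | nindent 4) $ }}
+{{- end }}
+spec:
+endpoints:
+- port: {{ .Values.service.portName }}
+{{- with .Values.serviceMonitor.interval }}
+interval: {{ . }}
+{{- end }}
+{{- with .Values.serviceMonitor.scrapeTimeout }}
+scrapeTimeout: {{ . }}
+{{- end }}
+honorLabels: true
+path: {{ .Values.serviceMonitor.path }}
+scheme: {{ .Values.serviceMonitor.scheme }}
+{{- with .Values.serviceMonitor.tlsConfig }}
+tlsConfig:
+{{- toYaml . | nindent 6 }}
+{{- end }}
+{{- with .Values.serviceMonitor.relabelings }}
+relabelings:
+{{- toYaml . | nindent 6 }}
+{{- end }}
+{{- with .Values.serviceMonitor.metricRelabelings }}
+metricRelabelings:
+{{- toYaml . | nindent 6 }}
+{{- end }}
+jobLabel: "{{ .Release.Name }}"
+selector:
+matchLabels:
+{{- include "grafana.selectorLabels" . | nindent 6 }}
+namespaceSelector:
+matchNames:
+- {{ include "grafana.namespace" . }}
+{{- with .Values.serviceMonitor.targetLabels }}
+targetLabels:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}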
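Review bot: `honorLabels: true` is hard-coded on the endpoint, so labels exposed by the scraped target take precedence over the ones Prometheus attaches itself (`job`, `instance`, `namespace`). That is only sound when the metrics endpoint is fully trusted, since it lets the target decide how its series are attributed. I would set `honorLabels: false`, or keep it and add a comment above the line such as `# target labels win over Prometheus-attached ones; the Grafana metrics endpoint is trusted here`. The neighbouring `scheme` and `tlsConfig` lines come from values not shown on this page, so whether the scrape is encrypted and verified depends on those settings.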
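--- a/manifests/grafana/templates/statefulset.yaml
+++ b/manifests/grafana/templates/statefulset.yaml
@@ -0,0 +1,58 @@
+{{- $sts := list "sts" "StatefulSet" "statefulset" -}}
+{{- if (or (.Values.useStatefulSet) (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)))}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: {{ include "grafana.fullname" . }}
+namespace: {{ include "grafana.namespace" . }}
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+replicas: {{ .Values.replicas }}
+selector:
+matchLabels:
+{{- include "grafana.selectorLabels" . | nindent 6 }}
+serviceName: {{ include "grafana.fullname" . }}-headless
+template:
+metadata:
+labels:
+{{- include "grafana.selectorLabels" . | nindent 8 }}
+{{- with .Values.podLabels }}
+{{- toYaml . | nindent 8 }}
+{{- end }}
+annotations:
+checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
+checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
+{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+{{- end }}
+kubectl.kubernetes.io/default-container: {{ .Chart.Name }}
+{{- with .Values.podAnnotations }}
+{{- toYaml . | nindent 8 }}
+{{- end }}
+spec:
+{{- include "grafana.pod" . | nindent 6 }}
+{{- if .Values.persistence.enabled}}
+volumeClaimTemplates:
+- apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: storage
+spec:
+accessModes: {{ .Values.persistence.accessModes }}
+storageClassName: {{ .Values.persistence.storageClassName }}
+resources:
+requests:
+storage: {{ .Values.persistence.size }}
+{{- with .Values.persistence.selectorLabels }}
+selector:
+matchLabels:
+{{- toYaml . | nindent 10 }}
+{{- end }}
+{{- end }}
+{{- end }}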
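--- a/manifests/grafana/templates/tests/test-configmap.yaml
+++ b/manifests/grafana/templates/tests/test-configmap.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.testFramework.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ include "grafana.fullname" . }}-test
+namespace: {{ include "grafana.namespace" . }}
+annotations:
+"helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+data:
+run.sh: |-
+@test "Test Health" {
+url="http://{{ include "grafana.fullname" . }}/api/health"
+
+code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}')
+[ "$code" == "200" ]
+}
+{{- end }}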
@ -0,0 +1,32 @@
|
||||
{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ include "grafana.fullname" . }}-test
|
||||
annotations:
|
||||
"helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
|
||||
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
|
||||
labels:
|
||||
{{- include "grafana.labels" . | nindent 4 }}
|
||||
spec:
|
||||
allowPrivilegeEscalation: true
|
||||
privileged: false
|
||||
hostNetwork: false
|
||||
hostIPC: false
|
||||
hostPID: false
|
||||
fsGroup:
|
||||
rule: RunAsAny
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
supplementalGroups:
|
||||
rule: RunAsAny
|
||||
runAsUser:
|
||||
rule: RunAsAny
|
||||
volumes:
|
||||
- configMap
|
||||
- downwardAPI
|
||||
- emptyDir
|
||||
- projected
|
||||
- csi
|
||||
- secret
|
||||
{{- end }}
|
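Review bot: The test PodSecurityPolicy sets `allowPrivilegeEscalation: true` and `runAsUser` to `rule: RunAsAny`, which is more than the test pod appears to need, since its ConfigMap script only runs a wget health check under bats. I would tighten these to `allowPrivilegeEscalation: false` and `rule: MustRunAsNonRoot`, provided the test image runs as a non-root user. The template is gated on `policy/v1beta1/PodSecurityPolicy` being served, so it renders nothing on clusters without that API (PodSecurityPolicy was removed in Kubernetes 1.25). On those clusters the same restriction has to come from Pod Security Admission or from the test pod's own `securityContext`.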
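--- a/manifests/grafana/templates/tests/test-role.yaml
+++ b/manifests/grafana/templates/tests/test-role.yaml
@@ -0,0 +1,17 @@
+{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: {{ include "grafana.fullname" . }}-test
+namespace: {{ include "grafana.namespace" . }}
+annotations:
+"helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+resources: ['podsecuritypolicies']
+verbs: ['use']
+resourceNames: [{{ include "grafana.fullname" . }}-test]
+{{- end }}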
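--- a/manifests/grafana/templates/tests/test-rolebinding.yaml
+++ b/manifests/grafana/templates/tests/test-rolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: {{ include "grafana.fullname" . }}-test
+namespace: {{ include "grafana.namespace" . }}
+annotations:
+"helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: {{ include "grafana.fullname" . }}-test
+subjects:
+- kind: ServiceAccount
+name: {{ include "grafana.serviceAccountNameTest" . }}
+namespace: {{ include "grafana.namespace" . }}
+{{- end }}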
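--- a/manifests/grafana/templates/tests/test-serviceaccount.yaml
+++ b/manifests/grafana/templates/tests/test-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+name: {{ include "grafana.serviceAccountNameTest" . }}
+namespace: {{ include "grafana.namespace" . }}
+annotations:
+"helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+{{- end }}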
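--- a/manifests/grafana/templates/tests/test.yaml
+++ b/manifests/grafana/templates/tests/test.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.testFramework.enabled }}
+{{- $root := . }}
+apiVersion: v1
+kind: Pod
+metadata:
+name: {{ include "grafana.fullname" . }}-test
+labels:
+{{- include "grafana.labels" . | nindent 4 }}
+annotations:
+"helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }}
+"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+namespace: {{ include "grafana.namespace" . }}
+spec:
+serviceAccountName: {{ include "grafana.serviceAccountNameTest" . }}
+{{- with .Values.testFramework.securityContext }}
+securityContext:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if or .Values.image.pullSecrets .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- include "grafana.imagePullSecrets" (dict "root" $root "imagePullSecrets" .Values.image.pullSecrets) | nindent 4 }}
+{{- end }}
+{{- with .Values.nodeSelector }}
+nodeSelector:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.affinity }}
+affinity:
+{{- tpl (toYaml .) $root | nindent 4 }}
+{{- end }}
+{{- with .Values.tolerations }}
+tolerations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+containers:
+- name: {{ .Release.Name }}-test
+image: "{{ .Values.global.imageRegistry | default .Values.testFramework.image.registry }}/{{ .Values.testFramework.image.repository }}:{{ .Values.testFramework.image.tag }}"
+imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}"
+command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
+volumeMounts:
+- mountPath: /tests
+name: tests
+readOnly: true
+{{- with .Values.testFramework.resources }}
+resources:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+volumes:
+- name: tests
+configMap:
+name: {{ include "grafana.fullname" . }}-test
+restartPolicy: Never
+{{- end }}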
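Review bot: The test Pod runs under `grafana.serviceAccountNameTest` but never sets `automountServiceAccountToken`, so it receives an API token although `/tests/run.sh` only issues an HTTP health check. I would add `automountServiceAccountToken: false` under `spec:`; the ServiceAccount in test-serviceaccount.yaml omits the field as well. The container also has no container-level `securityContext`, and the pod-level one is rendered only when `.Values.testFramework.securityContext` is set. The image is referenced by tag through `.Values.testFramework.image.tag`, so pinning it by digest in the values is worth considering.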
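--- a/manifests/pihole/.helmignore
+++ b/manifests/pihole/.helmignore
@@ -0,0 +1,27 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# Manually added entries
+ci/
+examples/
+Makefile
+README.md.gotmpl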
367
manifests/pihole/CHANGELOG.md
Normal file
367
manifests/pihole/CHANGELOG.md
Normal file
@ -0,0 +1,367 @@
|
||||
# Changelog
|
||||
|
||||
## [2.26.2](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.26.1...pihole-2.26.2) (2024-10-27)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* wrong customSettings.otherSettings exmaple in values.yaml ([#319](https://github.com/MoJo2600/pihole-kubernetes/issues/319)) ([67a0e3f](https://github.com/MoJo2600/pihole-kubernetes/commit/67a0e3fce49f9899bd92f1fad3ed96ae1148b78e)), closes [#318](https://github.com/MoJo2600/pihole-kubernetes/issues/318)
|
||||
|
||||
## [2.26.1](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.26.0...pihole-2.26.1) (2024-07-26)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Update Notes.txt ([#309](https://github.com/MoJo2600/pihole-kubernetes/issues/309)) ([0c98981](https://github.com/MoJo2600/pihole-kubernetes/commit/0c9898127323effa124aef86f492c3935d8bc017)), closes [#307](https://github.com/MoJo2600/pihole-kubernetes/issues/307)
|
||||
|
||||
## [2.26.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.25.0...pihole-2.26.0) (2024-07-18)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* bump pihole version to 2024.07.0 ([#306](https://github.com/MoJo2600/pihole-kubernetes/issues/306)) ([a119d89](https://github.com/MoJo2600/pihole-kubernetes/commit/a119d893c9d193b38875f6b7841855f68716ca32))
|
||||
|
||||
## [2.25.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.24.0...pihole-2.25.0) (2024-06-27)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* bump pihole version to 2024.06.0 ([#303](https://github.com/MoJo2600/pihole-kubernetes/issues/303)) ([7f96afc](https://github.com/MoJo2600/pihole-kubernetes/commit/7f96afce866cd2dadfbb7d717ad05b87e23538a4))
|
||||
|
||||
## [2.24.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.23.0...pihole-2.24.0) (2024-05-14)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* bump pihole version to 2024.05.0 ([#298](https://github.com/MoJo2600/pihole-kubernetes/issues/298)) ([2b9fada](https://github.com/MoJo2600/pihole-kubernetes/commit/2b9fada9ea76857e9641935a7637a317451751cd))
|
||||
|
||||
## [2.23.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.22.0...pihole-2.23.0) (2024-04-04)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* Add optional annotations to the password secret ([#287](https://github.com/MoJo2600/pihole-kubernetes/issues/287)) ([b71d543](https://github.com/MoJo2600/pihole-kubernetes/commit/b71d54321e4c78f2640e0bbd979f3ebe840b2660))
|
||||
* bump pihole version to 2024.03.2 Bump program version [Workflow Run]: https://github.com/MoJo2600/pihole-kubernetes/actions/runs/8555143588 ([#294](https://github.com/MoJo2600/pihole-kubernetes/issues/294)) ([6e9bd88](https://github.com/MoJo2600/pihole-kubernetes/commit/6e9bd882a0df505468bcdee2a3a476e2fb39058d))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* invalid web service manifest generation ([#288](https://github.com/MoJo2600/pihole-kubernetes/issues/288)) ([b1019dc](https://github.com/MoJo2600/pihole-kubernetes/commit/b1019dcdd2b3f42ba05dbca8b687ee2627d92411))
|
||||
* Update Chart.yaml ([#291](https://github.com/MoJo2600/pihole-kubernetes/issues/291)) ([f10c1fc](https://github.com/MoJo2600/pihole-kubernetes/commit/f10c1fca167346de4fbd6681cfebd08cae7c13df))
|
||||
|
||||
## [2.22.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-v2.28.0...pihole-2.22.0) (2024-02-16)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* add support for service extraLabels ([#266](https://github.com/MoJo2600/pihole-kubernetes/issues/266)) ([4a09a58](https://github.com/MoJo2600/pihole-kubernetes/commit/4a09a5839e35d075598343bdf138161cf4ed5da7))
|
||||
* Bump pihole version to 2024.02.0 ([#283](https://github.com/MoJo2600/pihole-kubernetes/issues/283)) ([f9ec0af](https://github.com/MoJo2600/pihole-kubernetes/commit/f9ec0af000d6e4724010e5c18004896031485450))
|
||||
* Change to trigger a new Release ([#280](https://github.com/MoJo2600/pihole-kubernetes/issues/280)) ([dea65aa](https://github.com/MoJo2600/pihole-kubernetes/commit/dea65aa7d2e17336c63cb4ee8fdbb5f13eceaab6))
|
||||
|
||||
## [2.28.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.15...pihole-2.28.0) (2024-01-22)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* Bump pihole version to 2024.01.0 ([#69](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/69)) ([4954679](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/49546795430caa09ae7d2739fc2710650e5a753e))
|
||||
* documentation ([7902fa0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/7902fa03627cf7f1643bb5fcf71fe473d2725058))
|
||||
|
||||
## [2.27.15](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.14...pihole-2.27.15) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* pipeline ([cd5c934](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/cd5c934099b40921a05e5657b068d735b19aa5a5))
|
||||
* version ([cfdc6a8](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/cfdc6a8b59c7848520b0a33414d0aecfa6d0e38f))
|
||||
|
||||
## [2.27.14](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.13...pihole-2.27.14) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* docu ([9d4cf11](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/9d4cf111dabf42ff4e924e77357f24b410702264))
|
||||
* docu ([2d1c7de](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/2d1c7de714eba1d311db699e2f59f8e20a65814a))
|
||||
|
||||
## [2.27.13](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.12...pihole-2.27.13) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* docu ([c52c82c](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/c52c82c321b5cef5224d92209f7c5c87c3ac30d0))
|
||||
|
||||
## [2.27.12](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.11...pihole-2.27.12) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* docu ([26298d4](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/26298d4fa18fe5b4c1b5b6fee0c35768f749ccfd))
|
||||
|
||||
## [2.27.11](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.10...pihole-2.27.11) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* docu ([ba0e068](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/ba0e0685dfa5aa457b0199faac8640ae6426ed31))
|
||||
|
||||
## [2.27.10](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.9...pihole-2.27.10) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* docu ([357a35e](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/357a35e7ea3420b13812115680702bc99cc88b7c))
|
||||
* docu ([7ee22ef](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/7ee22effee65aa243c530bb91cbb79ac96edb28c))
|
||||
|
||||
## [2.27.9](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.8...pihole-2.27.9) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* documentation ([a667641](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/a6676416755a998cbc92172ae8850bacf7bfcf23))
|
||||
|
||||
## [2.27.8](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.7...pihole-2.27.8) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* docu ([044794e](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/044794e56d7cb4062f1d448f5b4ab53d1d2bfb97))
|
||||
|
||||
## [2.27.7](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.6...pihole-2.27.7) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* docu ([5319065](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/53190650a860caba1f4db78ad6bd3bfde814b83c))
|
||||
* documentation ([28b59be](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/28b59be0b29e564b3f8e3b0d63fc117280ee4959))
|
||||
* pipeline ([f94cb6a](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/f94cb6a0a1c028627eac6002c227dff51383c655))
|
||||
|
||||
## [2.27.6](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.5...pihole-2.27.6) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* documentation ([6e73f70](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/6e73f70d1e8ea2cd8d8be222872f53ff2ba39cfa))
|
||||
* documentation ([5d0e28d](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/5d0e28d8e2e980c5759dda885a96a0036b9a773f))
|
||||
* documentation ([767adf6](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/767adf6b19d4e888bafd1f1eb3cc302cfa8770de))
|
||||
|
||||
## [2.27.5](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.4...pihole-2.27.5) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* documentation ([e031bf3](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/e031bf330de12dd6cc40163c7c58337e30d045ca))
|
||||
|
||||
## [2.27.4](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.3...pihole-2.27.4) (2024-01-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* chart ([eb77bd6](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/eb77bd6e5f0faa548a58d9f4a55b3b08b384370b))
|
||||
* documentation ([c33a323](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/c33a3239b6eb074194e4161b0c6a416098b5f985))
|
||||
|
||||
## [2.27.3](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.2...pihole-2.27.3) (2024-01-19)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* reasdf ([#52](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/52)) ([1614b4f](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/1614b4f01333e7d974a09c7cad99c43e4ab9e013))
|
||||
|
||||
## [2.27.2](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.1...pihole-2.27.2) (2024-01-19)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* reasdf ([#50](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/50)) ([a189de9](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/a189de95b50683313ae71bb02709e1af0ff49c10))
|
||||
|
||||
## [2.27.1](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.27.0...pihole-2.27.1) (2024-01-19)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* release worthy ([#48](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/48)) ([89f2b67](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/89f2b679ae4628069d3237ff4bf60c80841f4506))
|
||||
|
||||
## [2.27.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.26.0...pihole-2.27.0) (2024-01-19)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* new value ([#46](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/46)) ([9f350de](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/9f350de18ca5dafbcd71ed6c295970ab5bbf4024))
|
||||
|
||||
## [2.26.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.25.5...pihole-2.26.0) (2024-01-18)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* nonsemantic release ([#44](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/44)) ([0949c23](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/0949c2378c9002c31ed64ffad2d85ffbb35e9240))
|
||||
* semantic pr title check ([#43](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/43)) ([0bb7787](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/0bb7787ce6bcf7ff8000e9fcf462dfde6d978a69))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* add prepare ([fc3d3ed](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/fc3d3edadb99c10e9372f74ad00a4669ee631704))
|
||||
* another fix ([fd147a9](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/fd147a9304755dc06f5bde2e300dfe995e3b76bb))
|
||||
|
||||
## [2.25.5](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.25.4...pihole-2.25.5) (2024-01-18)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* user facing change ([c0b8572](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/c0b85721d31d7ea7ad4fd952944bec6b8179aa52))
|
||||
|
||||
## [2.25.4](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.25.3...pihole-2.25.4) (2024-01-18)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* changes were made ([126f99a](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/126f99a012c8acaacd83943b2c59273959ab6e44))
|
||||
* split release-please steps ([e6c299c](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/e6c299c39b3b3faa04373268067e9c63fe6f4769))
|
||||
* split release-please steps 3 ([68061ef](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/68061ef7f00fe5b8d736e1d67fe7cddff17fbd88))
|
||||
* update readme ([1e1da72](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/1e1da7287b47094082077e4a4e070c47b72b97cc))
|
||||
|
||||
## [2.25.3](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.25.2...pihole-2.25.3) (2024-01-17)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* documentation add ([216d9a0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/216d9a0b09ca20338728c29c4137b61d938c4e27))
|
||||
|
||||
## [2.25.2](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.25.1...pihole-2.25.2) (2024-01-17)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* docu ([19775ae](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/19775ae1c56767a52423b29560cccc76e5210f59))
|
||||
* dudeldidum ([#37](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/37)) ([771b66b](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/771b66b58234e351383e5c9ba6ff2319a3bc8e41))
|
||||
* extra-files ([7fd4659](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/7fd465958db3c217d728bfe04fe3a728e90af2b1))
|
||||
* more stuff ([21b6f50](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/21b6f500f3416bbbcdd887257faed98d6270e6b8))
|
||||
* version string ([37b0726](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/37b0726952ee3368394857ceba72b354b1da53c9))
|
||||
|
||||
## [2.25.1](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.25.0...pihole-2.25.1) (2024-01-17)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* update workflow ([b34a376](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/b34a3763d1e729180ed6e12c62d8b35e6257a9a6))
|
||||
|
||||
## [2.25.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.24.1...pihole-2.25.0) (2024-01-17)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* add workflow ([2e6b419](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/2e6b419d7feae0e44c7f3c4d3c6d8dd9c5cb1aba))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* deplyoment ([51c4de2](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/51c4de263207464fa4530108a96b78d39fb88554))
|
||||
* docu ([cebbe86](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/cebbe860ae67da8ecfa3dcfcd6f2523cddc959c8))
|
||||
* docu ([315ba58](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/315ba587f16942c30d57c4bbbe2f326985a25433))
|
||||
* docu ([#31](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/31)) ([e922ee7](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/e922ee73eb88b5e30e8e33b2fc92f4ac9bb45743))
|
||||
* documentation ([1e11b06](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/1e11b064a1a03245fbbfc38e9c5eeffdfeed1555))
|
||||
* documentation ([f4eb84d](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/f4eb84da543272b7945a1b8d196a6487c38a0a8f))
|
||||
* documentation ([780df0d](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/780df0d9d5c1dbb455c17a08837fda6dafc42af7))
|
||||
* documentation ([#32](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/32)) ([28c05e1](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/28c05e194f4dc63619ac9aba7a7bf6177c25d843))
|
||||
* foo ([2d48537](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/2d485377272cbcff78f50eb3076df9510a8fea9b))
|
||||
|
||||
## [2.24.1](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.24.0...pihole-2.24.1) (2023-10-26)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* test ([368b29d](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/368b29d72b7eb40058a6723cb12a118ae80a335f))
|
||||
|
||||
## [2.24.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-v2.23.2...pihole-2.24.0) (2023-10-26)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* chart change ([b97b4f1](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/b97b4f17c689a8e7a782820366501eb3f3d47822))
|
||||
* chart change ([#27](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/27)) ([79caa0a](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/79caa0a2b868d92b5181071b67e268d81e460ce2))
|
||||
* chart change more docu ([ee97a50](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/ee97a50bb986e12acac90c0f6ae23d1ee3bd8f11))
|
||||
* more documentation ([14b6386](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/14b6386825725053455bbb1bbec4b47b95bb7a0a))
|
||||
* more documentation ([ab229d7](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/ab229d7c6fb8654a1d13bcfacf79b33dfc8e1233))
|
||||
* release-please ([c084b92](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/c084b92fd3cca0f45a43be384c4394d8ee066cec))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* more documentation ([ab229d7](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/ab229d7c6fb8654a1d13bcfacf79b33dfc8e1233))
|
||||
* more documentation ([061aab8](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/061aab85983c6e3adc853e68b3e96277c39659a5))
|
||||
* release ([6dd7615](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/6dd7615e603bba728ce1edcffac8361ddb18ddf4))
|
||||
|
||||
## [2.23.1](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.23.0...pihole-2.23.1) (2023-05-17)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* release ([6dd7615](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/6dd7615e603bba728ce1edcffac8361ddb18ddf4))
|
||||
|
||||
## [2.23.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.22.0...pihole-2.23.0) (2023-05-17)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* chart change ([b97b4f1](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/b97b4f17c689a8e7a782820366501eb3f3d47822))
|
||||
|
||||
## [2.22.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.21.0...pihole-2.22.0) (2023-05-17)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* chart change more docu ([ee97a50](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/ee97a50bb986e12acac90c0f6ae23d1ee3bd8f11))
|
||||
|
||||
## [2.21.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.20.0...pihole-2.21.0) (2023-05-17)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* more documentation ([14b6386](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/14b6386825725053455bbb1bbec4b47b95bb7a0a))
|
||||
|
||||
## [2.20.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-v2.19.0...pihole-2.20.0) (2023-05-17)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* more documentation ([ab229d7](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/ab229d7c6fb8654a1d13bcfacf79b33dfc8e1233))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* more documentation ([ab229d7](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/ab229d7c6fb8654a1d13bcfacf79b33dfc8e1233))
|
||||
* more documentation ([061aab8](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/061aab85983c6e3adc853e68b3e96277c39659a5))
|
||||
|
||||
## [2.19.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-v2.18.0...pihole-v2.19.0) (2023-05-04)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* release-please ([c084b92](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/c084b92fd3cca0f45a43be384c4394d8ee066cec))
|
||||
|
||||
## [2.18.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-v2.17.0...pihole-v2.18.0) (2023-05-02)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* more docu3 ([#8](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/8)) ([a8ac693](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/a8ac69371a794779bbbfc832509e5edd2d5d3708))
|
||||
* more docu4 ([#10](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/10)) ([e371a33](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/e371a3307d72209203cfd3912874483d1982a9d6))
|
||||
* more documentation ([#5](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/5)) ([90d4703](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/90d4703f40349fcfc0464d2e1631254ffac8f077))
|
||||
* new build pipeline ([c3a7d71](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/c3a7d714b332ee4de7e41947b78b35eb77cd1bbf))
|
||||
* release please test ([#6](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/6)) ([886eac4](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/886eac4d8af189606ce6c8c42470a3cd8cf7b3aa))
|
||||
* release please test asdf ([#12](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/12)) ([005679e](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/005679ec9debc74ae590f0897420024b50e8d8c0))
|
||||
|
||||
## [2.17.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-2.16.0...pihole-v2.17.0) (2023-05-02)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* release please test asdf ([#12](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/12)) ([005679e](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/005679ec9debc74ae590f0897420024b50e8d8c0))
|
||||
|
||||
## [2.16.0](https://github.com/MoJo2600/pihole-kubernetes-githubactions/compare/pihole-v2.15.0...pihole-v2.16.0) (2023-04-28)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* more docu3 ([#8](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/8)) ([a8ac693](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/a8ac69371a794779bbbfc832509e5edd2d5d3708))
|
||||
* more docu4 ([#10](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/10)) ([e371a33](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/e371a3307d72209203cfd3912874483d1982a9d6))
|
||||
* more documentation ([#5](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/5)) ([90d4703](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/90d4703f40349fcfc0464d2e1631254ffac8f077))
|
||||
* new build pipeline ([c3a7d71](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/c3a7d714b332ee4de7e41947b78b35eb77cd1bbf))
|
||||
* release please test ([#6](https://github.com/MoJo2600/pihole-kubernetes-githubactions/issues/6)) ([886eac4](https://github.com/MoJo2600/pihole-kubernetes-githubactions/commit/886eac4d8af189606ce6c8c42470a3cd8cf7b3aa))
|
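--- a/manifests/pihole/Chart.yaml
+++ b/manifests/pihole/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+appVersion: 2024.07.0
+description: Installs pihole in kubernetes
+home: https://github.com/MoJo2600/pihole-kubernetes/tree/main/charts/pihole
+icon: https://i2.wp.com/pi-hole.net/wp-content/uploads/2016/12/Vortex-R.png
+maintainers:
+- email: christian.erhardt@mojo2k.de
+name: MoJo2600
+name: pihole
+sources:
+- https://github.com/MoJo2600/pihole-kubernetes/tree/main/charts/pihole
+- https://pi-hole.net/
+- https://github.com/pi-hole
+- https://github.com/pi-hole/docker-pi-hole
+version: 2.26.2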
@ -1,12 +1,432 @@
|
||||
Add the repo `https://mojo2600.github.io/pihole-kubernetes/` from `mojo 2600`
|
||||
Edit the values by pulling the chart(if desired)
|
||||
```
|
||||
# pihole
|
||||
|
||||
Installs pihole in kubernetes
|
||||
|
||||
![Version: 2.26.2](https://img.shields.io/badge/Version-2.26.2-informational?style=flat-square) ![AppVersion: 2024.07.0](https://img.shields.io/badge/AppVersion-2024.07.0-informational?style=flat-square) <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->[![All Contributors](https://img.shields.io/badge/all_contributors-27-blue.svg?style=flat-square)](#contributors-)<!-- ALL-CONTRIBUTORS-BADGE:END -->
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/MoJo2600/pihole-kubernetes/tree/main/charts/pihole>
|
||||
* <https://pi-hole.net/>
|
||||
* <https://github.com/pi-hole>
|
||||
* <https://github.com/pi-hole/docker-pi-hole>
|
||||
|
||||
## Installation
|
||||
|
||||
Jeff Geerling on YouTube made a video about the installation of this chart:
|
||||
|
||||
[![Jeff Geerling on YouTube](https://img.youtube.com/vi/IafVCHkJbtI/0.jpg)](https://youtu.be/IafVCHkJbtI?t=2655)
|
||||
|
||||
### Add Helm repository
|
||||
|
||||
```shell
|
||||
helm repo add mojo2600 https://mojo2600.github.io/pihole-kubernetes/
|
||||
|
||||
helm install pihole mojo2600/pihole --values values.yaml
|
||||
helm repo update
|
||||
```
|
||||
|
||||
NOTE: if you want to install pihole solo, you must edit the network policy to
|
||||
allow external internal traffic to the pod. See
|
||||
[externalNetworkpolicy](https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/08-allow-external-traffic.md)
|
||||
### Configure the chart
|
||||
|
||||
The following items can be set via `--set` flag during installation or configured by editing the `values.yaml` directly.
|
||||
|
||||
#### Configure the way how to expose pihole service:
|
||||
|
||||
- **Ingress**: The ingress controller must be installed in the Kubernetes cluster.
|
||||
- **ClusterIP**: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster.
|
||||
- **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer.
|
||||
|
||||
## My settings in values.yaml
|
||||
|
||||
```console
|
||||
dnsmasq:
|
||||
customDnsEntries:
|
||||
- address=/nas/192.168.178.10
|
||||
|
||||
customCnameEntries:
|
||||
- cname=foo.nas,nas
|
||||
|
||||
persistentVolumeClaim:
|
||||
enabled: true
|
||||
|
||||
serviceWeb:
|
||||
loadBalancerIP: 192.168.178.252
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: pihole-svc
|
||||
type: LoadBalancer
|
||||
|
||||
serviceDns:
|
||||
loadBalancerIP: 192.168.178.252
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: pihole-svc
|
||||
type: LoadBalancer
|
||||
```
|
||||
|
||||
## Configuring Upstream DNS Resolvers
|
||||
|
||||
By default, `pihole-kubernetes` will configure pod DNS automatically to use Google's `8.8.8.8` nameserver for upstream
|
||||
DNS resolution. You can configure this, or opt-out of pod DNS configuration completely.
|
||||
|
||||
### Changing The Upstream DNS Resolver
|
||||
|
||||
For example, to use Cloudflare's resolver:
|
||||
|
||||
```yaml
|
||||
podDnsConfig:
|
||||
enabled: true
|
||||
policy: "None"
|
||||
nameservers:
|
||||
- 127.0.0.1
|
||||
- 1.1.1.1
|
||||
```
|
||||
|
||||
### Disabling Pod DNS Configuration
|
||||
|
||||
If you have other DNS policy at play (for example, when running a service mesh), you may not want to have
|
||||
`pihole-kubernetes` control this behavior. In that case, you can disable DNS configuration on `pihole` pods:
|
||||
|
||||
```yaml
|
||||
podDnsConfig:
|
||||
enabled: false
|
||||
```
|
||||
|
||||
## Upgrading
|
||||
|
||||
### To 2.0.0
|
||||
|
||||
This version splits the DHCP service into its own resource and puts the configuration to `serviceDhcp`.
|
||||
|
||||
**If you have not changed any configuration for `serviceDns`, you don’t need to do anything.**
|
||||
|
||||
If you have changed your `serviceDns` configuration, **copy** your `serviceDns` section into a new `serviceDhcp` section.
|
||||
|
||||
### To 1.8.22
|
||||
|
||||
To enhance compatibility for Traefik, we split the TCP and UDP service into Web and DNS. This means, if you have a dedicated configuration for the service, you have to
|
||||
update your `values.yaml` and add a new configuration for this new service.
|
||||
|
||||
Before (In my case, with metallb):
|
||||
```
|
||||
serviceTCP:
|
||||
loadBalancerIP: 192.168.178.252
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: pihole-svc
|
||||
|
||||
serviceUDP:
|
||||
loadBalancerIP: 192.168.178.252
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: pihole-svc
|
||||
```
|
||||
|
||||
After:
|
||||
```
|
||||
serviceWeb:
|
||||
loadBalancerIP: 192.168.178.252
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: pihole-svc
|
||||
|
||||
serviceDns:
|
||||
loadBalancerIP: 192.168.178.252
|
||||
annotations:
|
||||
metallb.universe.tf/allow-shared-ip: pihole-svc
|
||||
```
|
||||
|
||||
Version 1.8.22 has switched from the deprecated ingress api `extensions/v1beta1` to the go forward version `networking.k8s.io/v1`. This means that your cluster must be running 1.19.x as this api is not available on older versions. If necessary to run on an older Kubernetes Version, it can be done by modifying the ingress.yaml and changing the api definition back. The backend definition would also change from:
|
||||
|
||||
```
|
||||
backend:
|
||||
service:
|
||||
name: \{\{ $serviceName \}\}
|
||||
port:
|
||||
name: http
|
||||
```
|
||||
to:
|
||||
```
|
||||
backend:
|
||||
serviceName: \{\{ $serviceName \}\}
|
||||
servicePort: http
|
||||
```
|
||||
|
||||
## Uninstallation
|
||||
|
||||
To uninstall/delete the `my-release` deployment (NOTE: `--purge` is default behaviour in Helm 3+ and will error):
|
||||
|
||||
```bash
|
||||
helm delete --purge my-release
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
The following table lists the configurable parameters of the pihole chart and the default values.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| DNS1 | string | `"8.8.8.8"` | default upstream DNS 1 server to use |
|
||||
| DNS2 | string | `"8.8.4.4"` | default upstream DNS 2 server to use |
|
||||
| adlists | object | `{}` | list of adlists to import during initial start of the container |
|
||||
| admin | object | `{"annotations":null,"enabled":true,"existingSecret":"","passwordKey":"password"}` | Use an existing secret for the admin password. |
|
||||
| admin.annotations | string | `nil` | Specify [annotations](docs/Values.md#admin.annotations) to be added to the secret |
|
||||
| admin.enabled | bool | `true` | If set to false admin password will be disabled, adminPassword specified above and the pre-existing secret (if specified) will be ignored. |
|
||||
| admin.existingSecret | string | `""` | Specify an existing secret to use as admin password |
|
||||
| admin.passwordKey | string | `"password"` | Specify the key inside the secret to use |
|
||||
| adminPassword | string | `"admin"` | Administrator password when not using an existing secret (see below) |
|
||||
| affinity | object | `{}` | |
|
||||
| antiaff.avoidRelease | string | `"pihole1"` | Here you can set the pihole release (you set in `helm install <releasename> ...`) you want to avoid |
|
||||
| antiaff.enabled | bool | `false` | set to true to enable antiaffinity (example: 2 pihole DNS in the same cluster) |
|
||||
| antiaff.namespaces | list | `[]` | Here you can pass namespaces to be part of those inclueded in anti-affinity |
|
||||
| antiaff.strict | bool | `true` | Here you can choose between preferred or required |
|
||||
| blacklist | object | `{}` | list of blacklisted domains to import during initial start of the container |
|
||||
| capabilities | object | `{}` | |
|
||||
| customVolumes.config | object | `{}` | any volume type can be used here |
|
||||
| customVolumes.enabled | bool | `false` | set this to true to enable custom volumes |
|
||||
| dnsHostPort.enabled | bool | `false` | set this to true to enable dnsHostPort |
|
||||
| dnsHostPort.port | int | `53` | default port for this pod |
|
||||
| dnsmasq | object | `{"additionalHostsEntries":[],"customCnameEntries":[],"customDnsEntries":[],"customSettings":null,"staticDhcpEntries":[],"upstreamServers":[]}` | DNS MASQ settings |
|
||||
| dnsmasq.additionalHostsEntries | list | `[]` | Dnsmasq reads the /etc/hosts file to resolve ips. You can add additional entries if you like |
|
||||
| dnsmasq.customCnameEntries | list | `[]` | Here we specify custom cname entries that should point to `A` records or elements in customDnsEntries array. The format should be: - cname=cname.foo.bar,foo.bar - cname=cname.bar.foo,bar.foo - cname=cname record,dns record |
|
||||
| dnsmasq.customDnsEntries | list | `[]` | Add custom dns entries to override the dns resolution. All lines will be added to the pihole dnsmasq configuration. |
|
||||
| dnsmasq.customSettings | string | `nil` | Other options |
|
||||
| dnsmasq.staticDhcpEntries | list | `[]` | Static DHCP config |
|
||||
| dnsmasq.upstreamServers | list | `[]` | Add upstream dns servers. All lines will be added to the pihole dnsmasq configuration |
|
||||
| doh.enabled | bool | `false` | set to true to enabled DNS over HTTPs via cloudflared |
|
||||
| doh.envVars | object | `{}` | Here you can pass environment variables to the DoH container, for example: |
|
||||
| doh.name | string | `"cloudflared"` | name |
|
||||
| doh.probes | object | `{"liveness":{"enabled":true,"failureThreshold":10,"initialDelaySeconds":60,"probe":{"exec":{"command":["nslookup","-po=5053","cloudflare.com","127.0.0.1"]}},"timeoutSeconds":5}}` | Probes configuration |
|
||||
| doh.probes.liveness | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":60,"probe":{"exec":{"command":["nslookup","-po=5053","cloudflare.com","127.0.0.1"]}},"timeoutSeconds":5}` | Configure the healthcheck for the doh container |
|
||||
| doh.probes.liveness.enabled | bool | `true` | set to true to enable liveness probe |
|
||||
| doh.probes.liveness.failureThreshold | int | `10` | defines the failure threshold for the liveness probe |
|
||||
| doh.probes.liveness.initialDelaySeconds | int | `60` | defines the initial delay for the liveness probe |
|
||||
| doh.probes.liveness.probe | object | `{"exec":{"command":["nslookup","-po=5053","cloudflare.com","127.0.0.1"]}}` | customize the liveness probe |
|
||||
| doh.probes.liveness.timeoutSeconds | int | `5` | defines the timeout in secondes for the liveness probe |
|
||||
| doh.pullPolicy | string | `"IfNotPresent"` | Pull policy |
|
||||
| doh.repository | string | `"crazymax/cloudflared"` | repository |
|
||||
| doh.tag | string | `"latest"` | |
|
||||
| dualStack.enabled | bool | `false` | set this to true to enable creation of DualStack services or creation of separate IPv6 services if `serviceDns.type` is set to `"LoadBalancer"` |
|
||||
| extraContainers | list | `[]` | |
|
||||
| extraEnvVars | object | `{}` | extraEnvironmentVars is a list of extra enviroment variables to set for pihole to use |
|
||||
| extraEnvVarsSecret | object | `{}` | extraEnvVarsSecret is a list of secrets to load in as environment variables. |
|
||||
| extraInitContainers | list | `[]` | any initContainers you might want to run before starting pihole |
|
||||
| extraObjects | list | `[]` | any extra kubernetes manifests you might want |
|
||||
| extraVolumeMounts | object | `{}` | any extra volume mounts you might want |
|
||||
| extraVolumes | object | `{}` | any extra volumes you might want |
|
||||
| ftl | object | `{}` | values that should be added to pihole-FTL.conf |
|
||||
| hostNetwork | string | `"false"` | should the container use host network |
|
||||
| hostname | string | `""` | hostname of pod |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | the pull policy |
|
||||
| image.repository | string | `"pihole/pihole"` | the repostory to pull the image from |
|
||||
| image.tag | string | `""` | the docker tag, if left empty it will get it from the chart's appVersion |
|
||||
| ingress | object | `{"annotations":{},"enabled":false,"hosts":["chart-example.local"],"path":"/","tls":[]}` | Configuration for the Ingress |
|
||||
| ingress.annotations | object | `{}` | Annotations for the ingress |
|
||||
| ingress.enabled | bool | `false` | Generate a Ingress resource |
|
||||
| maxSurge | int | `1` | The maximum number of Pods that can be created over the desired number of `ReplicaSet` during updating. |
|
||||
| maxUnavailable | int | `1` | The maximum number of Pods that can be unavailable during updating |
|
||||
| monitoring.podMonitor | object | `{"enabled":false}` | Preferably adding prometheus scrape annotations rather than enabling podMonitor. |
|
||||
| monitoring.podMonitor.enabled | bool | `false` | set this to true to enable podMonitor |
|
||||
| monitoring.sidecar | object | `{"enabled":false,"image":{"pullPolicy":"IfNotPresent","repository":"ekofr/pihole-exporter","tag":"v0.3.0"},"port":9617,"resources":{"limits":{"memory":"128Mi"}}}` | Sidecar configuration |
|
||||
| monitoring.sidecar.enabled | bool | `false` | set this to true to enable podMonitor as sidecar |
|
||||
| monitoring.sidecar.image.repository | string | `"ekofr/pihole-exporter"` | the repository to use |
|
||||
| nodeSelector | object | `{}` | Node selector values |
|
||||
| persistentVolumeClaim | object | `{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":false,"size":"500Mi"}` | `spec.PersitentVolumeClaim` configuration |
|
||||
| persistentVolumeClaim.annotations | object | `{}` | Annotations for the `PersitentVolumeClaim` |
|
||||
| persistentVolumeClaim.enabled | bool | `false` | set to true to use pvc |
|
||||
| persistentVolumeClaim.size | string | `"500Mi"` | volume claim size |
|
||||
| podAnnotations | object | `{}` | Additional annotations for pods |
|
||||
| podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | configure a Pod Disruption Budget |
|
||||
| podDisruptionBudget.enabled | bool | `false` | set to true to enable creating the PDB |
|
||||
| podDisruptionBudget.minAvailable | int | `1` | minimum number of pods Kubernetes should try to have running at all times |
|
||||
| podDnsConfig.enabled | bool | `true` | |
|
||||
| podDnsConfig.nameservers[0] | string | `"127.0.0.1"` | |
|
||||
| podDnsConfig.nameservers[1] | string | `"8.8.8.8"` | |
|
||||
| podDnsConfig.policy | string | `"None"` | |
|
||||
| privileged | string | `"false"` | should container run in privileged mode |
|
||||
| probes | object | `{"liveness":{"enabled":true,"failureThreshold":10,"initialDelaySeconds":60,"port":"http","scheme":"HTTP","timeoutSeconds":5,"type":"httpGet"},"readiness":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"port":"http","scheme":"HTTP","timeoutSeconds":5}}` | Probes configuration |
|
||||
| probes.liveness.failureThreshold | int | `10` | threshold until the probe is considered failing |
|
||||
| probes.liveness.initialDelaySeconds | int | `60` | wait time before trying the liveness probe |
|
||||
| probes.liveness.timeoutSeconds | int | `5` | timeout in seconds |
|
||||
| probes.liveness.type | string | `"httpGet"` | Generate a liveness probe 'type' defaults to httpGet, can be set to 'command' to use a command type liveness probe. |
|
||||
| probes.readiness.enabled | bool | `true` | Generate a readiness probe |
|
||||
| probes.readiness.failureThreshold | int | `3` | The failure threshold |
|
||||
| probes.readiness.initialDelaySeconds | int | `60` | Initial delay to wait for readiness check |
|
||||
| probes.readiness.port | string | `"http"` | The port |
|
||||
| probes.readiness.timeoutSeconds | int | `5` | The timeout in seconds |
|
||||
| regex | object | `{}` | list of blacklisted regex expressions to import during initial start of the container |
|
||||
| replicaCount | int | `1` | The number of replicas |
|
||||
| resources | object | `{}` | lines, adjust them as necessary, and remove the curly braces after 'resources:'. |
|
||||
| serviceDhcp | object | `{"annotations":{},"enabled":true,"externalTrafficPolicy":"Local","extraLabels":{},"loadBalancerIP":"","loadBalancerIPv6":"","nodePort":"","port":67,"type":"NodePort"}` | Configuration for the DHCP service on port 67 |
|
||||
| serviceDhcp.annotations | object | `{}` | Annotations for the DHCP service |
|
||||
| serviceDhcp.enabled | bool | `true` | Generate a Service resource for DHCP traffic |
|
||||
| serviceDhcp.externalTrafficPolicy | string | `"Local"` | `spec.externalTrafficPolicy` for the DHCP Service |
|
||||
| serviceDhcp.extraLabels | object | `{}` | Labels for the DHCP service |
|
||||
| serviceDhcp.loadBalancerIP | string | `""` | A fixed `spec.loadBalancerIP` for the DHCP Service |
|
||||
| serviceDhcp.loadBalancerIPv6 | string | `""` | A fixed `spec.loadBalancerIP` for the IPv6 DHCP Service |
|
||||
| serviceDhcp.nodePort | string | `""` | Optional node port for the DHCP service |
|
||||
| serviceDhcp.port | int | `67` | The port of the DHCP service |
|
||||
| serviceDhcp.type | string | `"NodePort"` | `spec.type` for the DHCP Service |
|
||||
| serviceDns | object | `{"annotations":{},"externalTrafficPolicy":"Local","extraLabels":{},"loadBalancerIP":"","loadBalancerIPv6":"","mixedService":false,"nodePort":"","port":53,"type":"NodePort"}` | Configuration for the DNS service on port 53 |
|
||||
| serviceDns.annotations | object | `{}` | Annotations for the DNS service |
|
||||
| serviceDns.externalTrafficPolicy | string | `"Local"` | `spec.externalTrafficPolicy` for the DHCP Service |
|
||||
| serviceDns.extraLabels | object | `{}` | Labels for the DNS service |
|
||||
| serviceDns.loadBalancerIP | string | `""` | A fixed `spec.loadBalancerIP` for the DNS Service |
|
||||
| serviceDns.loadBalancerIPv6 | string | `""` | A fixed `spec.loadBalancerIP` for the IPv6 DNS Service |
|
||||
| serviceDns.mixedService | bool | `false` | deploys a mixed (TCP + UDP) Service instead of separate ones |
|
||||
| serviceDns.nodePort | string | `""` | Optional node port for the DNS service |
|
||||
| serviceDns.port | int | `53` | The port of the DNS service |
|
||||
| serviceDns.type | string | `"NodePort"` | `spec.type` for the DNS Service |
|
||||
| serviceWeb | object | `{"annotations":{},"externalTrafficPolicy":"Local","extraLabels":{},"http":{"enabled":true,"nodePort":"","port":80},"https":{"enabled":true,"nodePort":"","port":443},"loadBalancerIP":"","loadBalancerIPv6":"","type":"ClusterIP"}` | Configuration for the web interface service |
|
||||
| serviceWeb.annotations | object | `{}` | Annotations for the DHCP service |
|
||||
| serviceWeb.externalTrafficPolicy | string | `"Local"` | `spec.externalTrafficPolicy` for the web interface Service |
|
||||
| serviceWeb.extraLabels | object | `{}` | Labels for the web interface service |
|
||||
| serviceWeb.http | object | `{"enabled":true,"nodePort":"","port":80}` | Configuration for the HTTP web interface listener |
|
||||
| serviceWeb.http.enabled | bool | `true` | Generate a service for HTTP traffic |
|
||||
| serviceWeb.http.nodePort | string | `""` | Optional node port for the web HTTP service |
|
||||
| serviceWeb.http.port | int | `80` | The port of the web HTTP service |
|
||||
| serviceWeb.https | object | `{"enabled":true,"nodePort":"","port":443}` | Configuration for the HTTPS web interface listener |
|
||||
| serviceWeb.https.enabled | bool | `true` | Generate a service for HTTPS traffic |
|
||||
| serviceWeb.https.nodePort | string | `""` | Optional node port for the web HTTPS service |
|
||||
| serviceWeb.https.port | int | `443` | The port of the web HTTPS service |
|
||||
| serviceWeb.loadBalancerIP | string | `""` | A fixed `spec.loadBalancerIP` for the web interface Service |
|
||||
| serviceWeb.loadBalancerIPv6 | string | `""` | A fixed `spec.loadBalancerIP` for the IPv6 web interface Service |
|
||||
| serviceWeb.type | string | `"ClusterIP"` | `spec.type` for the web interface Service |
|
||||
| strategyType | string | `"RollingUpdate"` | The `spec.strategyTpye` for updates |
|
||||
| tolerations | list | `[]` | Toleration |
|
||||
| topologySpreadConstraints | list | `[]` | Specify a priorityClassName priorityClassName: "" Reference: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
|
||||
| virtualHost | string | `"pi.hole"` | |
|
||||
| webHttp | string | `"80"` | port the container should use to expose HTTP traffic |
|
||||
| webHttps | string | `"443"` | port the container should use to expose HTTPS traffic |
|
||||
| whitelist | object | `{}` | list of whitelisted domains to import during initial start of the container |
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| MoJo2600 | <christian.erhardt@mojo2k.de> | |
|
||||
|
||||
## Remarks
|
||||
|
||||
### MetalLB 0.8.1+
|
||||
|
||||
pihole seems to work without issue in MetalLB 0.8.1+
|
||||
|
||||
### MetalLB 0.7.3
|
||||
|
||||
MetalLB 0.7.3 has a bug, where the service is not announced anymore, when the pod changes (e.g. update of a deployment). My workaround is to restart the `metallb-speaker-*` pods.
|
||||
|
||||
## Credits
|
||||
|
||||
[Pi-hole®](https://pi-hole.net/)
|
||||
|
||||
## Contributing
|
||||
|
||||
Feel free to contribute by making a [pull request](https://github.com/MoJo2600/pihole-kubernetes/pull/new/master).
|
||||
|
||||
Please read [Contribution Guide](../../CONTRIBUTING.md) for more information on how you can contribute to this Chart.
|
||||
|
||||
## Contributors ✨
|
||||
|
||||
Thanks goes to these wonderful people:
|
||||
|
||||
<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
|
||||
<!-- prettier-ignore-start -->
|
||||
<!-- markdownlint-disable -->
|
||||
<table>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="http://www.mojo2k.de"><img src="https://avatars1.githubusercontent.com/u/2462817?v=4" width="100px;" alt=""/><br /><sub><b>Christian Erhardt</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://billimek.com/"><img src="https://avatars0.githubusercontent.com/u/6393612?v=4" width="100px;" alt=""/><br /><sub><b>Jeff Billimek</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/imle"><img src="https://avatars3.githubusercontent.com/u/4809109?v=4" width="100px;" alt=""/><br /><sub><b>Steven Imle</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/jetersen"><img src="https://avatars2.githubusercontent.com/u/1661688?v=4" width="100px;" alt=""/><br /><sub><b>Joseph Petersen</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/SiM22"><img src="https://avatars2.githubusercontent.com/u/5759618?v=4" width="100px;" alt=""/><br /><sub><b>Simon Garcia</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/AndyG-0"><img src="https://avatars1.githubusercontent.com/u/29743443?v=4" width="100px;" alt=""/><br /><sub><b>Andy Gilbreath</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/northerngit"><img src="https://avatars0.githubusercontent.com/u/4513272?v=4" width="100px;" alt=""/><br /><sub><b>James Wilson</b></sub></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/jskswamy"><img src="https://avatars2.githubusercontent.com/u/232449?v=4" width="100px;" alt=""/><br /><sub><b>Krishnaswamy Subramanian</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/luqasn"><img src="https://avatars2.githubusercontent.com/u/274902?v=4" width="100px;" alt=""/><br /><sub><b>Lucas Romero</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/konturn"><img src="https://avatars0.githubusercontent.com/u/35545508?v=4" width="100px;" alt=""/><br /><sub><b>konturn</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/tdorsey"><img src="https://avatars3.githubusercontent.com/u/1218404?v=4" width="100px;" alt=""/><br /><sub><b>tdorsey</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/alesz"><img src="https://avatars0.githubusercontent.com/u/12436980?v=4" width="100px;" alt=""/><br /><sub><b>Ales Zelenik</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/dtourde"><img src="https://avatars1.githubusercontent.com/u/49169262?v=4" width="100px;" alt=""/><br /><sub><b>Damien TOURDE</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/putz612"><img src="https://avatars3.githubusercontent.com/u/952758?v=4" width="100px;" alt=""/><br /><sub><b>Jason Sievert</b></sub></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/joshua-nord"><img src="https://avatars2.githubusercontent.com/u/1181300?v=4" width="100px;" alt=""/><br /><sub><b>joshua-nord</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://maximilianbo.de/"><img src="https://avatars3.githubusercontent.com/u/9051309?v=4" width="100px;" alt=""/><br /><sub><b>Maximilian Bode</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/raackley"><img src="https://avatars0.githubusercontent.com/u/1700688?v=4" width="100px;" alt=""/><br /><sub><b>raackley</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/StoicPerlman"><img src="https://avatars1.githubusercontent.com/u/3152359?v=4" width="100px;" alt=""/><br /><sub><b>Sam Kleiner</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://arpankapoor.com/"><img src="https://avatars3.githubusercontent.com/u/3677810?v=4" width="100px;" alt=""/><br /><sub><b>Arpan Kapoor</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/chrodriguez"><img src="https://avatars1.githubusercontent.com/u/1460882?v=4" width="100px;" alt=""/><br /><sub><b>Christian Rodriguez</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="http://dave-cahill.com/"><img src="https://avatars0.githubusercontent.com/u/361096?v=4" width="100px;" alt=""/><br /><sub><b>Dave Cahill</b></sub></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/golgoth31"><img src="https://avatars2.githubusercontent.com/u/5741421?v=4" width="100px;" alt=""/><br /><sub><b>golgoth31</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://greg.jeanmart.me/"><img src="https://avatars3.githubusercontent.com/u/506784?v=4" width="100px;" alt=""/><br /><sub><b>Greg Jeanmart</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/ballj"><img src="https://avatars1.githubusercontent.com/u/38097813?v=4" width="100px;" alt=""/><br /><sub><b>Joseph Ball</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="http://www.oneko.org/"><img src="https://avatars2.githubusercontent.com/u/4233214?v=4" width="100px;" alt=""/><br /><sub><b>Karlos</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/dza89"><img src="https://avatars0.githubusercontent.com/u/20373984?v=4" width="100px;" alt=""/><br /><sub><b>dza89</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/mikewhitley"><img src="https://avatars0.githubusercontent.com/u/52802633?v=4" width="100px;" alt=""/><br /><sub><b>mikewhitley</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/Vashiru"><img src="https://avatars2.githubusercontent.com/u/11370057?v=4" width="100px;" alt=""/><br /><sub><b>Vashiru</b></sub></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/sam-kleiner"><img src="https://avatars.githubusercontent.com/u/63059772?v=4" width="100px;" alt=""/><br /><sub><b>sam-kleiner</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://www.linkedin.com/in/alexgorbatchev/"><img src="https://avatars.githubusercontent.com/u/65633?v=4" width="100px;" alt=""/><br /><sub><b>Alex Gorbatchev</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/c-yco"><img src="https://avatars.githubusercontent.com/u/355591?v=4" width="100px;" alt=""/><br /><sub><b>Alexander Rabenstein</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="http://tibbon.com/"><img src="https://avatars.githubusercontent.com/u/82880?v=4" width="100px;" alt=""/><br /><sub><b>David Fisher</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/utkuozdemir"><img src="https://avatars.githubusercontent.com/u/1465819?v=4" width="100px;" alt=""/><br /><sub><b>Utku Özdemir</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://mor.re/"><img src="https://avatars.githubusercontent.com/u/7683567?v=4" width="100px;" alt=""/><br /><sub><b>Morre Meyer</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/johnsondnz"><img src="https://avatars.githubusercontent.com/u/7608966?v=4" width="100px;" alt=""/><br /><sub><b>Donald Johnson</b></sub></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://winston.milli.ng/"><img src="https://avatars.githubusercontent.com/u/6162814?v=4" width="100px;" alt=""/><br /><sub><b>Winston R. Milling</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/larivierec"><img src="https://avatars.githubusercontent.com/u/3633214?v=4" width="100px;" alt=""/><br /><sub><b>Christopher Larivière</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://sievenpiper.co/"><img src="https://avatars.githubusercontent.com/u/1131882?v=4" width="100px;" alt=""/><br /><sub><b>Justin Sievenpiper</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/beastob"><img src="https://avatars.githubusercontent.com/u/76816315?v=4" width="100px;" alt=""/><br /><sub><b>beastob</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://niftyside.io/"><img src="https://avatars.githubusercontent.com/u/653739?v=4" width="100px;" alt=""/><br /><sub><b>Daniel Mühlbachler-Pietrzykowski</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/consideRatio"><img src="https://avatars.githubusercontent.com/u/3837114?v=4" width="100px;" alt=""/><br /><sub><b>Erik Sundell</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/Ornias1993"><img src="https://avatars.githubusercontent.com/u/7613738?v=4" width="100px;" alt=""/><br /><sub><b>Kjeld Schouten-Lebbing</b></sub></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/mrwulf"><img src="https://avatars.githubusercontent.com/u/2494769?v=4" width="100px;" alt=""/><br /><sub><b>Brandon Wulf</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/DerRockWolf"><img src="https://avatars.githubusercontent.com/u/50499906?v=4" width="100px;" alt=""/><br /><sub><b>DerRockWolf</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/brnl"><img src="https://avatars.githubusercontent.com/u/3243133?v=4" width="100px;" alt=""/><br /><sub><b>brnl</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://rafaelgaspar.xyz/"><img src="https://avatars.githubusercontent.com/u/5567?v=4" width="100px;" alt=""/><br /><sub><b>Rafael Gaspar</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://chadimasri.com/"><img src="https://avatars.githubusercontent.com/u/1502811?v=4" width="100px;" alt=""/><br /><sub><b>Chadi El Masri</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/dfoulkes"><img src="https://avatars.githubusercontent.com/u/8113674?v=4" width="100px;" alt=""/><br /><sub><b>Dan Foulkes</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/george124816"><img src="https://avatars.githubusercontent.com/u/26443736?v=4" width="100px;" alt=""/><br /><sub><b>George Rodrigues</b></sub></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://pascaliske.dev/"><img src="https://avatars.githubusercontent.com/u/7473880?v=4" width="100px;" alt=""/><br /><sub><b>Pascal Iske</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://www.reyth.dev/"><img src="https://avatars.githubusercontent.com/u/23526880?v=4" width="100px;" alt=""/><br /><sub><b>Theo REY</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/piwi3910"><img src="https://avatars.githubusercontent.com/u/12539757?v=4" width="100px;" alt=""/><br /><sub><b>Watteel Pascal</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/frittenlab"><img src="https://avatars.githubusercontent.com/u/29921946?v=4" width="100px;" alt=""/><br /><sub><b>simon</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/FernFerret"><img src="https://avatars.githubusercontent.com/u/72811?v=4" width="100px;" alt=""/><br /><sub><b>Eric</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/vince-vibin"><img src="https://avatars.githubusercontent.com/u/99386370?v=4" width="100px;" alt=""/><br /><sub><b>Vincent</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/Keydrain"><img src="https://avatars.githubusercontent.com/u/5723055?v=4" width="100px;" alt=""/><br /><sub><b>Clint</b></sub></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/tamcore"><img src="https://avatars.githubusercontent.com/u/319917?v=4" width="100px;" alt=""/><br /><sub><b>Philipp B.</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/ebCrypto"><img src="https://avatars.githubusercontent.com/u/44279886?v=4" width="100px;" alt=""/><br /><sub><b>ebCrypto</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://ucdialplans.com/"><img src="https://avatars.githubusercontent.com/u/44060527?v=4" width="100px;" alt=""/><br /><sub><b>Ken Lasko</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/mbund"><img src="https://avatars.githubusercontent.com/u/25110595?v=4" width="100px;" alt=""/><br /><sub><b>Mark Bundschuh</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://fotoallerlei.com/"><img src="https://avatars.githubusercontent.com/u/3430656?v=4" width="100px;" alt=""/><br /><sub><b>Max Rosin</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/yzeng1314"><img src="https://avatars.githubusercontent.com/u/6365365?v=4" width="100px;" alt=""/><br /><sub><b>Yang</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/dwarf-king-hreidmar"><img src="https://avatars.githubusercontent.com/u/45319558?v=4" width="100px;" alt=""/><br /><sub><b>dwarf-king-hreidmar</b></sub></a></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/s94santos"><img src="https://avatars.githubusercontent.com/u/10950164?v=4" width="100px;" alt=""/><br /><sub><b>s94santos</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/adamrdavid"><img src="https://avatars.githubusercontent.com/u/1854876?v=4" width="100px;" alt=""/><br /><sub><b>Adam David</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/bkonicek"><img src="https://avatars.githubusercontent.com/u/7397530?v=4" width="100px;" alt=""/><br /><sub><b>Ben Konicek</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/Gabisonfire"><img src="https://avatars.githubusercontent.com/u/6416239?v=4" width="100px;" alt=""/><br /><sub><b>Gabisonfire</b></sub></a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/giolekva"><img src="https://avatars.githubusercontent.com/u/124899?v=4" width="100px;" alt=""/><br /><sub><b>Giorgi Lekveishvili</b></sub></a></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<!-- markdownlint-restore -->
|
||||
<!-- prettier-ignore-end -->
|
||||
|
||||
<!-- ALL-CONTRIBUTORS-LIST:END -->
|
||||
|
||||
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
|
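--- a/manifests/pihole/docs/Values.md
+++ b/manifests/pihole/docs/Values.md
@@ -0,0 +1,87 @@
+# Values
+
+## admin
+
+### admin.annotations
+
+By allowing annotations to be added to the password secret, we can use tools like [Reflector](https://github.com/emberstack/kubernetes-reflector) to synchronize secrets across namespaces.
+
+This is interesting e.g. with the [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) 0.14+'s Pi-Hole integration that can automatically expose Ingress host names to the Local DNS configuration:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: external-dns
+spec:
+strategy:
+type: Recreate
+selector:
+matchLabels:
+app: external-dns
+template:
+metadata:
+labels:
+app: external-dns
+spec:
+serviceAccountName: external-dns
+containers:
+- name: external-dns
+image: registry.k8s.io/external-dns/external-dns:v0.14.0
+# If authentication is disabled and/or you didn't create
+# a secret, you can remove this block.
+envFrom:
+- secretRef:
+# Change this if you gave the secret a different name
+name: pihole-password
+args:
+- --source=service
+- --source=ingress
+# Pihole only supports A/CNAME records so there is no mechanism to track ownership.
+# You don't need to set this flag, but if you leave it unset, you will receive warning
+# logs when ExternalDNS attempts to create TXT records.
+- --registry=noop
+# IMPORTANT: If you have records that you manage manually in Pi-hole, set
+# the policy to upsert-only so they do not get deleted.
+- --policy=upsert-only
+- --provider=pihole
+# Change this to the actual address of your Pi-hole web server
+- --pihole-server=http://pihole-web.pihole.svc.cluster.local
+resources:
+limits:
+cpu: 1
+memory: 1Gi
+requests:
+cpu: 100m
+memory: 256M
+securityContext:
+fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes token files
+```
+
+Since the Secret reference can only refer to a secret in the same namespace as ExternalDNS, using Reflector is a viable option to synchronize the two secrets. This can now be done via
+
+```yaml
+admin:
+enabled: true
+existingSecret: ""
+passwordKey: "password"
+annotations:
+reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
+reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "external-dns"
+```
+
+For Reflector to work we also need to create the mirror (target) secret in ExternalDNS' namespace like this:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+# Change this to match the secretRef used in the ExternalDNS deployment:
+name: pihole-password
+# Change this to ExternalDNS' namespace:
+namespace: external-dns
+annotations:
+# Change this to address the pihole password secret: 'namespace/secret-name':
+reflector.v1.k8s.emberstack.com/reflects: "pihole/pihole-password"
+data: {} # Will be overwritten by Reflector
+```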
@ -1,73 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pihole-longhorn-volv-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 0.5Gi
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: pihole
|
||||
name: pihole
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: pihole
|
||||
strategy: {}
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: pihole
|
||||
spec:
|
||||
containers:
|
||||
- image: pihole/pihole
|
||||
name: pihole
|
||||
resources: {}
|
||||
env:
|
||||
- name: TZ
|
||||
value: "America/New_York"
|
||||
- name: WEBPASSWORD
|
||||
value: "initial"
|
||||
- name: DNSMASQ_LISTENING
|
||||
value: "all"
|
||||
status: {}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: pihole
|
||||
name: pihole-svc
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 80
|
||||
- name: dns-tcp
|
||||
port: 53
|
||||
protocol: TCP
|
||||
targetPort: 53
|
||||
- name: dns-udp
|
||||
port: 53
|
||||
protocol: UDP
|
||||
targetPort: 53
|
||||
selector:
|
||||
app: pihole
|
||||
type: LoadBalancer
|
||||
status:
|
||||
loadBalancer: {}
|
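--- a/manifests/pihole/templates/NOTES.txt
+++ b/manifests/pihole/templates/NOTES.txt
@@ -0,0 +1,44 @@
+Pi-hole Helm Chart Deployment
+
+1. Pi-hole Deployment Information:
+- Release Name: {{ .Release.Name }}
+- Namespace: {{ .Release.Namespace }}
+- Chart Name: {{ .Chart.Name }}
+- Chart Version: {{ .Chart.Version }}
+
+2. Pi-hole Service Information:
+- Service Name: {{ template "pihole.fullname" . }}-web
+- Service Type: ClusterIP
+- Service Port: 80/443 TCP
+
+- Service Name: {{ template "pihole.fullname" . }}-dns-tcp
+- Service Type: NodePort
+- Service Port: 53 TCP
+
+- Service Name: {{ template "pihole.fullname" . }}-dns-udp
+- Service Type: NodePort
+- Service Port: 53 UDP
+
+- Service Name: {{ template "pihole.fullname" . }}-dhcp
+- Service Type: NodePort
+- Service Port: 67 UDP
+
+3. Accessing Pi-hole:
+!!! This chart does not create a Loadbalancer for pihole by default. Please
+create a configuration that is tailored to your setup. Especially the DNS
+and DHCP services are system services that require a dedicated setup based
+on your system !!!
+
+Find more information in the wiki:
+https://github.com/MoJo2600/pihole-kubernetes/wiki/Pi%E2%80%90hole
+
+4. Useful Commands:
+- Check the Pi-hole Deployment Status:
+helm status {{ .Release.Name }}
+
+- Get Detailed Information about the Pi-hole Deployment:
+helm get all {{ .Release.Name }}
+
+5. Clean Up:
+- To uninstall/delete the Pi-hole deployment, run:
+helm uninstall {{ .Release.Name }}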
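--- a/manifests/pihole/templates/_helpers.tpl
+++ b/manifests/pihole/templates/_helpers.tpl
@@ -0,0 +1,39 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pihole.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pihole.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pihole.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Default password secret name.
+*/}}
+{{- define "pihole.password-secret" -}}
+{{- printf "%s-%s" (include "pihole.fullname" .) "password" | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}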
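--- a/manifests/pihole/templates/configmap-adlists.yaml
+++ b/manifests/pihole/templates/configmap-adlists.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.adlists }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ template "pihole.fullname" . }}-adlists
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+data:
+adlists.list: |
+{{- range .Values.adlists }}
+{{ . }}
+{{- end }}
+{{ end }}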
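Review bot: The label values under `labels:` are rendered unquoted (`release: {{ .Release.Name }}`, `app: {{ template "pihole.name" . }}`), so a release name or `nameOverride` made only of digits, or one that reads as a YAML boolean, is parsed as a non-string and the manifest fails validation at apply time. Quote them at render time: `release: {{ .Release.Name | quote }}` and `app: {{ include "pihole.name" . | quote }}` (`template` is an action and cannot be piped, `include` can). The same unquoted labels appear in configmap-blacklist.yaml, configmap-regex.yaml, configmap-static-dhcp.yaml, configmap-whitelist.yaml and configmap.yaml. If these templates are an unmodified copy of the upstream chart, the alternative is to constrain the release name in the Argo CD application rather than patch the copy.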
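--- a/manifests/pihole/templates/configmap-blacklist.yaml
+++ b/manifests/pihole/templates/configmap-blacklist.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.blacklist }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ template "pihole.fullname" . }}-blacklist
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+data:
+blacklist.txt: |
+{{- range .Values.blacklist }}
+{{ . }}
+{{- end }}
+{{ end }}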
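--- a/manifests/pihole/templates/configmap-regex.yaml
+++ b/manifests/pihole/templates/configmap-regex.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.regex }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ template "pihole.fullname" . }}-regex
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+data:
+regex.list: |
+{{- range .Values.regex }}
+{{ . }}
+{{- end }}
+{{ end }}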
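--- a/manifests/pihole/templates/configmap-static-dhcp.yaml
+++ b/manifests/pihole/templates/configmap-static-dhcp.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.dnsmasq.staticDhcpEntries }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ template "pihole.fullname" . }}-static-dhcp
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+data:
+pihole-static-dhcp.conf: |
+{{- range .Values.dnsmasq.staticDhcpEntries }}
+{{ . }}
+{{- end }}
+{{ end }}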
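--- a/manifests/pihole/templates/configmap-whitelist.yaml
+++ b/manifests/pihole/templates/configmap-whitelist.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.whitelist }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ template "pihole.fullname" . }}-whitelist
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+data:
+whitelist.txt: |
+{{- range .Values.whitelist }}
+{{ . }}
+{{- end }}
+{{ end }}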
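--- a/manifests/pihole/templates/configmap.yaml
+++ b/manifests/pihole/templates/configmap.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ template "pihole.fullname" . }}-custom-dnsmasq
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+data:
+02-custom.conf: |
+addn-hosts=/etc/addn-hosts
+{{- range .Values.dnsmasq.upstreamServers }}
+{{ . }}
+{{- end }}
+{{- range .Values.dnsmasq.customDnsEntries }}
+{{ . }}
+{{- end }}
+{{- if .Values.serviceDns.loadBalancerIP }}
+dhcp-option=6,{{ .Values.serviceDns.loadBalancerIP }}
+{{- end }}
+{{- range .Values.dnsmasq.customSettings }}
+{{ . }}
+{{- end }}
+addn-hosts: |
+{{- range .Values.dnsmasq.additionalHostsEntries }}
+{{ . }}
+{{- end }}
+05-pihole-custom-cname.conf: |
+{{- range .Values.dnsmasq.customCnameEntries }}
+{{ . }}
+{{- end }}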
349
manifests/pihole/templates/deployment.yaml
Normal file
349
manifests/pihole/templates/deployment.yaml
Normal file
@ -0,0 +1,349 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "pihole.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "pihole.name" . }}
|
||||
chart: {{ template "pihole.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
strategy:
|
||||
type: {{ .Values.strategyType }}
|
||||
{{- if eq .Values.strategyType "RollingUpdate" }}
|
||||
rollingUpdate:
|
||||
maxSurge: {{ .Values.maxSurge }}
|
||||
maxUnavailable: {{ .Values.maxUnavailable }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "pihole.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum.config.adlists: {{ include (print $.Template.BasePath "/configmap-adlists.yaml") . | sha256sum | trunc 63 }}
|
||||
checksum.config.blacklist: {{ include (print $.Template.BasePath "/configmap-blacklist.yaml") . | sha256sum | trunc 63 }}
|
||||
checksum.config.regex: {{ include (print $.Template.BasePath "/configmap-regex.yaml") . | sha256sum | trunc 63 }}
|
||||
checksum.config.whitelist: {{ include (print $.Template.BasePath "/configmap-whitelist.yaml") . | sha256sum | trunc 63 }}
|
||||
checksum.config.dnsmasqConfig: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
|
||||
checksum.config.staticDhcpConfig: {{ include (print $.Template.BasePath "/configmap-static-dhcp.yaml") . | sha256sum | trunc 63 }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "pihole.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
spec:
|
||||
{{- if .Values.antiaff.enabled }}
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
{{- if .Values.antiaff.strict }}
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
{{- else }}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
{{- end }}
|
||||
matchExpressions:
|
||||
- key: release
|
||||
operator: In
|
||||
values:
|
||||
- {{ .Values.antiaff.avoidRelease }}
|
||||
{{- if .Values.antiaff.namespaces}}
|
||||
namespaces:
|
||||
{{- toYaml .Values.antiaff.namespaces | nindent 14 }}
|
||||
{{- end }}
|
||||
topologyKey: "kubernetes.io/hostname"
|
||||
{{- end }}
|
||||
{{- if .Values.podDnsConfig.enabled }}
|
||||
dnsPolicy: {{ .Values.podDnsConfig.policy }}
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
{{- toYaml .Values.podDnsConfig.nameservers | nindent 8 }}
|
||||
{{- end }}
|
||||
hostname: {{ .Values.hostname }}
|
||||
hostNetwork: {{ .Values.hostNetwork }}
|
||||
{{- with .Values.extraInitContainers }}
|
||||
initContainers:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
{{- if .Values.extraContainers }}
|
||||
{{- toYaml .Values.extraContainers | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.monitoring.sidecar.enabled }}
|
||||
- name: exporter
|
||||
image: "{{ .Values.monitoring.sidecar.image.repository }}:{{ .Values.monitoring.sidecar.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.monitoring.sidecar.image.pullPolicy }}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
env:
|
||||
- name: PIHOLE_HOSTNAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: PIHOLE_PORT
|
||||
value: "{{ .Values.webHttp }}"
|
||||
- name: PIHOLE_PASSWORD
|
||||
{{- if .Values.admin.enabled }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ .Values.admin.passwordKey | default "password" }}
|
||||
name: {{ .Values.admin.existingSecret | default (include "pihole.password-secret" .) }}
|
||||
{{- else }}
|
||||
value: ""
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.monitoring.sidecar.resources | indent 12 }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.monitoring.sidecar.port }}
|
||||
name: prometheus
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- if .Values.doh.enabled }}
|
||||
- name: cloudflared
|
||||
image: "{{ .Values.doh.repository }}:{{ .Values.doh.tag }}"
|
||||
imagePullPolicy: {{ .Values.doh.pullPolicy }}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
resources:
|
||||
limits:
|
||||
memory: 128Mi
|
||||
ports:
|
||||
- containerPort: 5053
|
||||
name: cloudflared-udp
|
||||
protocol: UDP
|
||||
- containerPort: 49312
|
||||
name: cloudflared-met
|
||||
protocol: TCP
|
||||
{{- if .Values.doh.envVars }}
|
||||
env:
|
||||
{{- range $key, $value := .Values.doh.envVars }}
|
||||
- name: {{ $key | quote }}
|
||||
value: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.doh.probes.liveness.enabled }}
|
||||
livenessProbe:
|
||||
{{ toYaml .Values.doh.probes.liveness.probe | indent 12 }}
|
||||
initialDelaySeconds: {{ .Values.doh.probes.liveness.initialDelaySeconds }}
|
||||
failureThreshold: {{ .Values.doh.probes.liveness.failureThreshold }}
|
||||
timeoutSeconds: {{ .Values.doh.probes.liveness.timeoutSeconds }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: {{ .Chart.Name }}
|
||||
env:
|
||||
- name: 'WEB_PORT'
|
||||
value: "{{ .Values.webHttp }}"
|
||||
- name: VIRTUAL_HOST
|
||||
value: {{ .Values.virtualHost }}
|
||||
- name: WEBPASSWORD
|
||||
{{- if .Values.admin.enabled }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ .Values.admin.passwordKey | default "password" }}
|
||||
name: {{ .Values.admin.existingSecret | default (include "pihole.password-secret" .) }}
|
||||
{{- else }}
|
||||
value: ""
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.extraEnvVars }}
|
||||
- name: {{ $key | quote }}
|
||||
value: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.extraEnvVarsSecret }}
|
||||
- name: {{ $key | quote }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: {{ $value.key | quote }}
|
||||
name: {{ $value.name | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.doh.enabled }}
|
||||
- name: 'DNS1'
|
||||
value: "127.0.0.1#5053"
|
||||
- name: DNS2
|
||||
value: "127.0.0.1#5053"
|
||||
{{- else }}
|
||||
{{- if .Values.DNS1 }}
|
||||
- name: 'PIHOLE_DNS_'
|
||||
value: {{ if .Values.DNS2 }}{{ ( printf "%v;%v" .Values.DNS1 .Values.DNS2 ) | squote }}{{ else }}{{ .Values.DNS1 | squote }}{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.ftl }}
|
||||
- name: 'FTLCONF_{{ $key }}'
|
||||
value: {{ $value | quote }}
|
||||
{{- end }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
securityContext:
|
||||
privileged: {{ .Values.privileged }}
|
||||
{{- if .Values.capabilities }}
|
||||
capabilities:
|
||||
{{- toYaml .Values.capabilities | nindent 14 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.webHttp }}
|
||||
name: http
|
||||
protocol: TCP
|
||||
- containerPort: 53
|
||||
name: dns
|
||||
protocol: TCP
|
||||
{{- if .Values.dnsHostPort.enabled }}
|
||||
hostPort: {{ .Values.dnsHostPort.port }}
|
||||
{{- end }}
|
||||
- containerPort: 53
|
||||
name: dns-udp
|
||||
protocol: UDP
|
||||
{{- if .Values.dnsHostPort.enabled }}
|
||||
hostPort: {{ .Values.dnsHostPort.port }}
|
||||
{{- end }}
|
||||
- containerPort: {{ .Values.webHttps }}
|
||||
name: https
|
||||
protocol: TCP
|
||||
- containerPort: 67
|
||||
name: client-udp
|
||||
protocol: UDP
|
||||
{{- if .Values.probes.liveness.enabled }}
|
||||
livenessProbe:
|
||||
{{- if eq .Values.probes.liveness.type "command" }}
|
||||
exec:
|
||||
command: {{ .Values.probes.liveness.command | required "An array of command(s) is required if 'type' is set to 'command'." | toYaml | nindent 16 }}
|
||||
{{- else }}
|
||||
httpGet:
|
||||
path: /admin/index.php
|
||||
port: {{ .Values.probes.liveness.port }}
|
||||
scheme: {{ .Values.probes.liveness.scheme }}
|
||||
{{- end }}
|
||||
initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
|
||||
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
|
||||
timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
|
||||
|
||||
{{- end }}
|
||||
{{- if .Values.probes.readiness.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /admin/index.php
|
||||
port: {{ .Values.probes.readiness.port }}
|
||||
scheme: {{ .Values.probes.readiness.scheme }}
|
||||
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
|
||||
failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
|
||||
timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- mountPath: /etc/pihole
|
||||
name: config
|
||||
{{- if .Values.persistentVolumeClaim.subPath }}
|
||||
subPath: {{ .Values.persistentVolumeClaim.subPath }}
|
||||
{{- end }}
|
||||
- mountPath: /etc/dnsmasq.d/02-custom.conf
|
||||
name: custom-dnsmasq
|
||||
subPath: 02-custom.conf
|
||||
- mountPath: /etc/addn-hosts
|
||||
name: custom-dnsmasq
|
||||
subPath: addn-hosts
|
||||
{{- if .Values.dnsmasq.customCnameEntries }}
|
||||
- mountPath: /etc/dnsmasq.d/05-pihole-custom-cname.conf
|
||||
name: custom-dnsmasq
|
||||
subPath: 05-pihole-custom-cname.conf
|
||||
{{- end }}
|
||||
{{- if .Values.adlists }}
|
||||
- mountPath: /etc/pihole/adlists.list
|
||||
name: adlists
|
||||
subPath: adlists.list
|
||||
{{- end }}
|
||||
{{- if .Values.blacklist }}
|
||||
- mountPath: /etc/pihole/blacklist.txt
|
||||
name: blacklist
|
||||
subPath: blacklist.txt
|
||||
{{- end }}
|
||||
{{- if .Values.regex }}
|
||||
- mountPath: /etc/pihole/regex.list
|
||||
name: regex
|
||||
subPath: regex.list
|
||||
{{- end }}
|
||||
{{- if .Values.whitelist }}
|
||||
- mountPath: /etc/pihole/whitelist.txt
|
||||
name: whitelist
|
||||
subPath: whitelist.txt
|
||||
{{- end }}
|
||||
{{- if .Values.dnsmasq.staticDhcpEntries }}
|
||||
- mountPath: /etc/dnsmasq.d/04-pihole-static-dhcp.conf
|
||||
name: static-dhcp
|
||||
subPath: pihole-static-dhcp.conf
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.extraVolumeMounts }}
|
||||
- name: {{ $key }}
|
||||
{{- toYaml $value | nindent 12 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 12 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- with .Values.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: config
|
||||
{{- if .Values.persistentVolumeClaim.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ if .Values.persistentVolumeClaim.existingClaim }}{{ .Values.persistentVolumeClaim.existingClaim }}{{- else }}{{ template "pihole.fullname" . }}{{- end }}
|
||||
{{- else if .Values.customVolumes.enabled }}
|
||||
{{- toYaml .Values.customVolumes.config | nindent 8 }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
name: {{ template "pihole.fullname" . }}-custom-dnsmasq
|
||||
name: custom-dnsmasq
|
||||
{{- if .Values.adlists }}
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
name: {{ template "pihole.fullname" . }}-adlists
|
||||
name: adlists
|
||||
{{- end }}
|
||||
{{- if .Values.whitelist }}
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
name: {{ template "pihole.fullname" . }}-whitelist
|
||||
name: whitelist
|
||||
{{- end }}
|
||||
{{- if .Values.dnsmasq.staticDhcpEntries }}
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
name: {{ template "pihole.fullname" . }}-static-dhcp
|
||||
name: static-dhcp
|
||||
{{- end }}
|
||||
{{- if .Values.blacklist }}
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
name: {{ template "pihole.fullname" . }}-blacklist
|
||||
name: blacklist
|
||||
{{- end }}
|
||||
{{- if .Values.regex }}
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
name: {{ template "pihole.fullname" . }}-regex
|
||||
name: regex
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.extraVolumes }}
|
||||
- name: {{ $key }}
|
||||
{{- toYaml $value | nindent 8 }}
|
||||
{{- end }}
|
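--- a/manifests/pihole/templates/extra-manifests.yaml
+++ b/manifests/pihole/templates/extra-manifests.yaml
@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}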
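Review bot: Each entry of `.Values.extraObjects` is passed through `tpl` and emitted as its own document, so this template places no limit on the kind or namespace of what is created, and any template expression inside a values string is evaluated with the full chart context `$`. Write access to the values file is therefore equivalent to write access to arbitrary cluster objects, bounded only by what the deploying identity may create. I would document that at the top of the file, e.g. `{{- /* extraObjects are rendered verbatim via tpl; review values changes as manifest changes */ -}}`.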
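--- a/manifests/pihole/templates/ingress.yaml
+++ b/manifests/pihole/templates/ingress.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := printf "%s-%s" (include "pihole.fullname" .) "web" -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: {{ template "pihole.fullname" . }}
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.ingressClassName }}
+ingressClassName: {{ .Values.ingress.ingressClassName }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+{{- end }}
+rules:
+{{- range .Values.ingress.hosts }}
+- host: {{ . | quote }}
+http:
+paths:
+- path: {{ $ingressPath }}
+pathType: ImplementationSpecific
+backend:
+service:
+name: {{ $serviceName }}
+port:
+name: http
+{{- end }}
+{{- end }}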
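Review bot: The `tls:` block is rendered only when `.Values.ingress.tls` is set, while every rule forwards to the web service's `http` port, so an ingress enabled without TLS values publishes the web interface over plain HTTP. The probes elsewhere in this chart request `/admin/index.php` on that service, so this is presumably the admin login. I would state the TLS expectation in a comment above the `tls` condition, or fail the render when hosts are set without it. Separately, `path` and `ingressClassName` are emitted unquoted, unlike `host`; `- path: {{ $ingressPath | quote }}` keeps a value such as `*` or an empty string from changing the YAML type.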
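--- a/manifests/pihole/templates/pdb.yaml
+++ b/manifests/pihole/templates/pdb.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.podDisruptionBudget.enabled -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+name: {{ template "pihole.fullname" . }}-pdb
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.podDisruptionBudget.minAvailable }}
+minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+selector:
+matchLabels:
+app: {{ template "pihole.name" . }}
+{{- end }}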
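Review bot: `selector.matchLabels` carries only `app`, whereas the Services in this chart select on both `app` and `release`, so two releases of this chart in one namespace would share a single disruption budget. Adding `release: {{ .Release.Name }}` under `matchLabels` would align it, assuming the pod template carries that label (it is outside this section). Both `minAvailable` and `maxUnavailable` are also rendered when both values are set, which the API rejects as mutually exclusive. A value of `0` is falsy in these `if` tests, so `maxUnavailable: 0` can never be rendered.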
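--- a/manifests/pihole/templates/podmonitor.yaml
+++ b/manifests/pihole/templates/podmonitor.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.monitoring.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- with .Values.monitoring.podMonitor.labels }}
+{{- . | toYaml | nindent 4 }}
+{{- end }}
+name: {{ template "pihole.fullname" . }}-prometheus-exporter
+{{- if .Values.monitoring.podMonitor.namespace }}
+namespace: {{ .Values.monitoring.podMonitor.namespace }}
+{{- end }}
+spec:
+podMetricsEndpoints:
+- port: prometheus
+path: /metrics
+{{- if .Values.monitoring.podMonitor.interval }}
+interval: {{ .Values.monitoring.podMonitor.interval }}
+{{- end }}
+{{- if .Values.monitoring.podMonitor.bearerTokenFile }}
+bearerTokenFile: {{ .Values.monitoring.podMonitor.bearerTokenFile }}
+{{- end }}
+{{- if .Values.monitoring.podMonitor.bearerTokenSecret }}
+bearerTokenSecret:
+name: {{ .Values.monitoring.podMonitor.bearerTokenSecret.name }}
+key: {{ .Values.monitoring.podMonitor.bearerTokenSecret.key }}
+{{- if .Values.monitoring.podMonitor.bearerTokenSecret.optional }}
+optional: {{ .Values.monitoring.podMonitor.bearerTokenSecret.optional }}
+{{- end }}
+{{- end }}
+jobLabel: {{ template "pihole.fullname" . }}-prometheus-exporter
+namespaceSelector:
+matchNames:
+- {{ .Release.Namespace }}
+selector:
+matchLabels:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+{{- end }}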
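Review bot: `bearerTokenFile` and `bearerTokenSecret` sit in independent `if` blocks, so both can land on the same endpoint, and `bearerTokenFile` names a path that is read inside the Prometheus container rather than in this release's pod. Where Prometheus is shared, a file-path credential lets the author of a PodMonitor reference any token Prometheus can read; the secret reference is the narrower option. I would make the two mutually exclusive by turning the second test into `{{- else if .Values.monitoring.podMonitor.bearerTokenSecret }}`, and add a comment on the file variant saying where the path is resolved. The templated scalars (`interval`, `namespace`, the secret `name` and `key`) are also unquoted.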
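--- a/manifests/pihole/templates/secret.yaml
+++ b/manifests/pihole/templates/secret.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.admin.enabled (not .Values.admin.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ template "pihole.password-secret" . }}
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+heritage: {{ .Release.Service }}
+release: {{ .Release.Name }}
+{{- with .Values.admin.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+{{- if .Values.adminPassword }}
+password: {{ .Values.adminPassword | b64enc | quote }}
+{{- else }}
+password: {{ randAlphaNum 40 | b64enc | quote }}
+{{- end }}
+{{- end }}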
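Review bot: The `{{- else }}` branch calls `randAlphaNum 40` on every render, so each upgrade or template pass produces a different `password`; under a GitOps controller that re-renders the chart this is likely to show up as a permanently drifting Secret and a rotating admin password. The other branch takes `.Values.adminPassword` from values, which leaves the credential in plain text wherever the values file is stored. For a repository-driven deployment the `admin.existingSecret` path, already tested in the opening condition of this file, avoids both. I would say so in a comment above `data:` and treat the generated branch as a first-install convenience only.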
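--- a/manifests/pihole/templates/service-dhcp.yaml
+++ b/manifests/pihole/templates/service-dhcp.yaml
@@ -0,0 +1,78 @@
+{{- if .Values.serviceDhcp.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-dhcp
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceDhcp.extraLabels }}
+{{ toYaml .Values.servicesDhcp.extraLabels | indent 4 }}
+{{- end }}
+{{- if .Values.serviceDhcp.annotations }}
+annotations:
+{{ toYaml .Values.serviceDhcp.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceDhcp.type }}
+{{- if and (.Values.dualStack.enabled) (not (eq .Values.serviceDhcp.type "LoadBalancer")) }}
+ipFamilies:
+- IPv4
+- IPv6
+ipFamilyPolicy: PreferDualStack
+{{- end }}
+{{- if .Values.serviceDhcp.loadBalancerIP }}
+loadBalancerIP: {{ .Values.serviceDhcp.loadBalancerIP }}
+{{- end }}
+{{- if or (eq .Values.serviceDhcp.type "NodePort") (eq .Values.serviceDhcp.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceDhcp.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.serviceDhcp.port }}
+targetPort: client-udp
+{{- if and (.Values.serviceDhcp.nodePort) (eq .Values.serviceDhcp.type "NodePort") }}
+nodePort: {{ .Values.serviceDhcp.nodePort }}
+{{- end }}
+protocol: UDP
+name: client-udp
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceDhcp.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-dhcp-ivp6
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceDhcp.annotations }}
+annotations:
+{{ toYaml .Values.serviceDhcp.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceDhcp.type }}
+ipFamilies:
+- IPv6
+ipFamilyPolicy: SingleStack
+{{- if .Values.serviceDhcp.loadBalancerIPv6 }}
+loadBalancerIP: {{ .Values.serviceDhcp.loadBalancerIPv6 }}
+{{- end }}
+{{- if or (eq .Values.serviceDhcp.type "NodePort") (eq .Values.serviceDhcp.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceDhcp.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: 67
+targetPort: client-udp
+protocol: UDP
+name: client-udp
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+{{- end }}
+{{- end }}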
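Review bot: The extra-labels block tests `.Values.serviceDhcp.extraLabels` but renders `.Values.servicesDhcp.extraLabels` (stray `s`), so setting the labels makes the template read a key that does not exist. The line should be `{{ toYaml .Values.serviceDhcp.extraLabels | indent 4 }}`. In the second Service the name suffix is `-dhcp-ivp6` where the sibling templates use `-ipv6`, and the port is the literal `67` instead of the `{{ .Values.serviceDhcp.port }}` used by the first Service.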
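--- a/manifests/pihole/templates/service-dns-tcp.yaml
+++ b/manifests/pihole/templates/service-dns-tcp.yaml
@@ -0,0 +1,90 @@
+{{- if not .Values.serviceDns.mixedService }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-dns-tcp
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.extraLabels }}
+{{ toYaml .Values.serviceDns.extraLabels | indent 4 }}
+{{- end }}
+{{- if .Values.serviceDns.annotations }}
+annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceDns.type }}
+{{- if and (.Values.dualStack.enabled) (not (eq .Values.serviceDns.type "LoadBalancer")) }}
+ipFamilies:
+- IPv4
+- IPv6
+ipFamilyPolicy: PreferDualStack
+{{- end }}
+{{- if .Values.serviceDns.loadBalancerIP }}
+loadBalancerIP: {{ .Values.serviceDns.loadBalancerIP }}
+{{- end }}
+{{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.serviceDns.port }}
+targetPort: dns
+{{- if and (.Values.serviceDns.nodePort) (eq .Values.serviceDns.type "NodePort") }}
+nodePort: {{ .Values.serviceDns.nodePort }}
+{{- end }}
+protocol: TCP
+name: dns
+{{- if .Values.monitoring.sidecar.enabled }}
+- port: {{ .Values.monitoring.sidecar.port }}
+targetPort: prometheus
+protocol: TCP
+name: prometheus
+{{- end }}
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceDns.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-dns-tcp-ipv6
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.annotations }}
+annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceDns.type }}
+ipFamilies:
+- IPv6
+ipFamilyPolicy: SingleStack
+{{- if .Values.serviceDns.loadBalancerIPv6 }}
+loadBalancerIP: {{ .Values.serviceDns.loadBalancerIPv6 }}
+{{- end }}
+{{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.serviceDns.port }}
+targetPort: dns
+protocol: TCP
+name: dns
+{{- if .Values.monitoring.sidecar.enabled }}
+- port: {{ .Values.monitoring.sidecar.port }}
+targetPort: prometheus
+protocol: TCP
+name: prometheus
+{{- end }}
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+{{- end }}
+{{- end }}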
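Review bot: With `monitoring.sidecar.enabled` the `prometheus` port is appended to the same Service that carries DNS, so when `serviceDns.type` is `LoadBalancer` or `NodePort` the exporter's metrics endpoint is published to the same networks as the resolver. The same block appears in both Services of `service-dns.yaml`, and `service-web.yaml` does the equivalent with the fixed `cloudflared-met` port 49312 when `doh.enabled`. Metrics would be better served from a separate `ClusterIP` Service, or scraped through the PodMonitor alone, so that only the DNS port leaves the cluster. Until that is split out, a comment above each `monitoring.sidecar.enabled` block should say that the port inherits the Service type.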
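--- a/manifests/pihole/templates/service-dns-udp.yaml
+++ b/manifests/pihole/templates/service-dns-udp.yaml
@@ -0,0 +1,78 @@
+{{- if not .Values.serviceDns.mixedService }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-dns-udp
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.extraLabels }}
+{{ toYaml .Values.serviceDns.extraLabels | indent 4 }}
+{{- end }}
+{{- if .Values.serviceDns.annotations }}
+annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceDns.type }}
+{{- if and (.Values.dualStack.enabled) (not (eq .Values.serviceDns.type "LoadBalancer")) }}
+ipFamilies:
+- IPv4
+- IPv6
+ipFamilyPolicy: PreferDualStack
+{{- end }}
+{{- if .Values.serviceDns.loadBalancerIP }}
+loadBalancerIP: {{ .Values.serviceDns.loadBalancerIP }}
+{{- end }}
+{{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.serviceDns.port }}
+targetPort: dns-udp
+{{- if and (.Values.serviceDns.nodePort) (eq .Values.serviceDns.type "NodePort") }}
+nodePort: {{ .Values.serviceDns.nodePort }}
+{{- end }}
+protocol: UDP
+name: dns-udp
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceDns.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-dns-udp-ipv6
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.annotations }}
+annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceDns.type }}
+ipFamilies:
+- IPv6
+ipFamilyPolicy: SingleStack
+{{- if .Values.serviceDns.loadBalancerIPv6 }}
+loadBalancerIP: {{ .Values.serviceDns.loadBalancerIPv6 }}
+{{- end }}
+{{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.serviceDns.port }}
+targetPort: dns-udp
+protocol: UDP
+name: dns-udp
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+{{- end }}
+{{- end }}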
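--- a/manifests/pihole/templates/service-dns.yaml
+++ b/manifests/pihole/templates/service-dns.yaml
@@ -0,0 +1,95 @@
+{{- if .Values.serviceDns.mixedService }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-dns
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.extraLabels }}
+{{ toYaml .Values.serviceDns.extraLabels | indent 4 }}
+{{- end }}
+{{- if .Values.serviceDns.annotations }}
+annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceDns.type }}
+{{- if .Values.serviceDns.loadBalancerIP }}
+loadBalancerIP: {{ .Values.serviceDns.loadBalancerIP }}
+{{- end }}
+{{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.serviceDns.port }}
+targetPort: dns
+{{- if .Values.serviceDns.nodePort }}
+nodePort: {{ .Values.serviceDns.nodePort }}
+{{- end }}
+protocol: TCP
+name: dns
+- port: {{ .Values.serviceDns.port }}
+targetPort: dns-udp
+{{- if and (.Values.serviceDns.nodePort) (eq .Values.serviceDns.type "NodePort") }}
+nodePort: {{ .Values.serviceDns.nodePort }}
+{{- end }}
+protocol: UDP
+name: dns-udp
+{{- if .Values.monitoring.sidecar.enabled }}
+- port: {{ .Values.monitoring.sidecar.port }}
+targetPort: prometheus
+protocol: TCP
+name: prometheus
+{{- end }}
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceDns.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-dns-ipv6
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.annotations }}
+annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceDns.type }}
+ipFamilies:
+- IPv6
+ipFamilyPolicy: SingleStack
+{{- if .Values.serviceDns.loadBalancerIPv6 }}
+loadBalancerIP: {{ .Values.serviceDns.loadBalancerIPv6 }}
+{{- end }}
+{{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.serviceDns.port }}
+targetPort: dns
+protocol: TCP
+name: dns
+- port: {{ .Values.serviceDns.port }}
+targetPort: dns-udp
+protocol: UDP
+name: dns-udp
+{{- if .Values.monitoring.sidecar.enabled }}
+- port: {{ .Values.monitoring.sidecar.port }}
+targetPort: prometheus
+protocol: TCP
+name: prometheus
+{{- end }}
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+{{- end }}
+{{- end }}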
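Review bot: In the first Service the TCP port renders `nodePort` under `{{- if .Values.serviceDns.nodePort }}` alone, while the UDP port right below it also requires `eq .Values.serviceDns.type "NodePort"`. With a `ClusterIP` type and a `nodePort` value left in place, the TCP entry carries a field the API server does not accept for that type. Using the same condition on both, `{{- if and (.Values.serviceDns.nodePort) (eq .Values.serviceDns.type "NodePort") }}`, keeps them consistent. This mixed Service also lacks the `PreferDualStack` block that the split TCP and UDP templates render for non-LoadBalancer types.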
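--- a/manifests/pihole/templates/service-web.yaml
+++ b/manifests/pihole/templates/service-web.yaml
@@ -0,0 +1,107 @@
+{{- if or .Values.serviceWeb.http.enabled .Values.serviceWeb.https.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-web
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceWeb.extraLabels }}
+{{ toYaml .Values.serviceWeb.extraLabels | indent 4 }}
+{{- end }}
+{{- if .Values.serviceWeb.annotations }}
+annotations:
+{{ toYaml .Values.serviceWeb.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceWeb.type }}
+{{- if and (.Values.dualStack.enabled) (not (eq .Values.serviceWeb.type "LoadBalancer")) }}
+ipFamilies:
+- IPv4
+- IPv6
+ipFamilyPolicy: PreferDualStack
+{{- end }}
+{{- if .Values.serviceWeb.loadBalancerIP }}
+loadBalancerIP: {{ .Values.serviceWeb.loadBalancerIP }}
+{{- end }}
+{{- if or (eq .Values.serviceWeb.type "NodePort") (eq .Values.serviceWeb.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceWeb.externalTrafficPolicy }}
+{{- end }}
+ports:
+{{- if .Values.serviceWeb.http.enabled }}
+- port: {{ .Values.serviceWeb.http.port }}
+targetPort: http
+{{- if and (.Values.serviceWeb.http.nodePort) (eq .Values.serviceWeb.type "NodePort") }}
+nodePort: {{ .Values.serviceWeb.http.nodePort }}
+{{- end }}
+protocol: TCP
+name: http
+{{- end }}
+{{- if .Values.serviceWeb.https.enabled }}
+- port: {{ .Values.serviceWeb.https.port }}
+targetPort: https
+{{- if and (.Values.serviceWeb.https.nodePort) (eq .Values.serviceWeb.type "NodePort") }}
+nodePort: {{ .Values.serviceWeb.https.nodePort }}
+{{- end }}
+protocol: TCP
+name: https
+{{- end }}
+{{- if .Values.doh.enabled }}
+- port: 49312
+protocol: TCP
+name: cloudflared-met
+{{- end }}
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceWeb.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "pihole.fullname" . }}-web-ipv6
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ template "pihole.chart" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- if .Values.serviceWeb.annotations }}
+annotations:
+{{ toYaml .Values.serviceWeb.annotations | indent 4 }}
+{{- end }}
+spec:
+type: {{ .Values.serviceWeb.type }}
+ipFamilies:
+- IPv6
+ipFamilyPolicy: SingleStack
+{{- if .Values.serviceWeb.loadBalancerIPv6 }}
+loadBalancerIP: {{ .Values.serviceWeb.loadBalancerIPv6 }}
+{{- end }}
+{{- if or (eq .Values.serviceWeb.type "NodePort") (eq .Values.serviceWeb.type "LoadBalancer") }}
+externalTrafficPolicy: {{ .Values.serviceWeb.externalTrafficPolicy }}
+{{- end }}
+ports:
+{{- if .Values.serviceWeb.http.enabled }}
+- port: {{ .Values.serviceWeb.http.port }}
+targetPort: http
+protocol: TCP
+name: http
+{{- end }}
+{{- if .Values.serviceWeb.https.enabled }}
+- port: {{ .Values.serviceWeb.https.port }}
+targetPort: https
+protocol: TCP
+name: https
+{{- end }}
+{{- if .Values.doh.enabled }}
+- port: 49312
+protocol: TCP
+name: cloudflared-met
+{{- end }}
+selector:
+app: {{ template "pihole.name" . }}
+release: {{ .Release.Name }}
+{{- end }}
+{{- end }}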
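--- a/manifests/pihole/templates/tests/test-pihole-endpoint.yml
+++ b/manifests/pihole/templates/tests/test-pihole-endpoint.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: "{{ .Release.Name }}-smoke-test"
+annotations:
+"helm.sh/hook": test
+spec:
+containers:
+- name: hook1-container
+image: curlimages/curl
+imagePullPolicy: IfNotPresent
+command: ['sh', '-c', 'curl http://{{ template "pihole.fullname" . }}-web:80/']
+restartPolicy: Never
+terminationGracePeriodSeconds: 0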
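Review bot: `image: curlimages/curl` has no tag or digest, so the hook pod runs whatever `latest` resolves to, and with `imagePullPolicy: IfNotPresent` different nodes can hold different builds of it. Pinning the reference, e.g. `image: curlimages/curl:<pinned-tag>@sha256:<digest>` (placeholders), makes the test reproducible and keeps an unreviewed image out of the release namespace. The URL also hard-codes `-web:80` rather than using `.Values.serviceWeb.http.port`. Plain `curl` exits 0 on an HTTP error status, so `curl --fail` is needed for the test to fail on a 5xx.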
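--- a/manifests/pihole/templates/volume-claim.yaml
+++ b/manifests/pihole/templates/volume-claim.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.persistentVolumeClaim.enabled -}}
+{{- if not .Values.persistentVolumeClaim.existingClaim -}}
+apiVersion: "v1"
+kind: "PersistentVolumeClaim"
+metadata:
+{{- if .Values.persistentVolumeClaim.annotations }}
+annotations:
+{{ toYaml .Values.persistentVolumeClaim.annotations | indent 4 }}
+{{- end }}
+labels:
+app: {{ template "pihole.name" . }}
+chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+component: "{{ .Values.persistentVolumeClaim.name }}"
+heritage: {{ .Release.Service }}
+release: {{ .Release.Name }}
+name: {{ template "pihole.fullname" . }}
+spec:
+accessModes:
+{{ toYaml .Values.persistentVolumeClaim.accessModes | indent 4 }}
+{{- if .Values.persistentVolumeClaim.storageClass }}
+{{- if (eq "-" .Values.persistentVolumeClaim.storageClass) }}
+storageClassName: ""
+{{- else }}
+storageClassName: "{{ .Values.persistentVolumeClaim.storageClass }}"
+{{- end }}
+{{- end }}
+resources:
+requests:
+storage: "{{ .Values.persistentVolumeClaim.size }}"
+{{- end -}}
+{{- end -}}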
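--- a/manifests/prometheus/.helmignore
+++ b/manifests/prometheus/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS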
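--- a/manifests/prometheus/Chart.lock
+++ b/manifests/prometheus/Chart.lock
@@ -0,0 +1,15 @@
+dependencies:
+- name: alertmanager
+repository: https://prometheus-community.github.io/helm-charts
+version: 1.13.1
+- name: kube-state-metrics
+repository: https://prometheus-community.github.io/helm-charts
+version: 5.27.0
+- name: prometheus-node-exporter
+repository: https://prometheus-community.github.io/helm-charts
+version: 4.42.0
+- name: prometheus-pushgateway
+repository: https://prometheus-community.github.io/helm-charts
+version: 2.15.0
+digest: sha256:860638cfcd7d346d50c7a377403e80730d2e5e9d625052324385ed165c0f850b
+generated: "2024-11-09T17:32:43.009497-05:00"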
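--- a/manifests/prometheus/Chart.yaml
+++ b/manifests/prometheus/Chart.yaml
@@ -0,0 +1,53 @@
+annotations:
+artifacthub.io/license: Apache-2.0
+artifacthub.io/links: |
+- name: Chart Source
+url: https://github.com/prometheus-community/helm-charts
+- name: Upstream Project
+url: https://github.com/prometheus/prometheus
+apiVersion: v2
+appVersion: v2.55.1
+dependencies:
+- condition: alertmanager.enabled
+name: alertmanager
+repository: https://prometheus-community.github.io/helm-charts
+version: 1.13.*
+- condition: kube-state-metrics.enabled
+name: kube-state-metrics
+repository: https://prometheus-community.github.io/helm-charts
+version: 5.27.*
+- condition: prometheus-node-exporter.enabled
+name: prometheus-node-exporter
+repository: https://prometheus-community.github.io/helm-charts
+version: 4.42.*
+- condition: prometheus-pushgateway.enabled
+name: prometheus-pushgateway
+repository: https://prometheus-community.github.io/helm-charts
+version: 2.15.*
+description: Prometheus is a monitoring system and time series database.
+home: https://prometheus.io/
+icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
+keywords:
+- monitoring
+- prometheus
+kubeVersion: '>=1.19.0-0'
+maintainers:
+- email: gianrubio@gmail.com
+name: gianrubio
+- email: zanhsieh@gmail.com
+name: zanhsieh
+- email: miroslav.hadzhiev@gmail.com
+name: Xtigyro
+- email: naseem@transit.app
+name: naseemkullah
+- email: rootsandtrees@posteo.de
+name: zeritti
+name: prometheus
+sources:
+- https://github.com/prometheus/alertmanager
+- https://github.com/prometheus/prometheus
+- https://github.com/prometheus/pushgateway
+- https://github.com/prometheus/node_exporter
+- https://github.com/kubernetes/kube-state-metrics
+type: application
+version: 25.30.1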
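--- a/manifests/prometheus/README.md
+++ b/manifests/prometheus/README.md
@@ -0,0 +1,382 @@
+# Prometheus
+
+[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.
+
+This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.7+
+
+## Get Repository Info
+
+```console
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repository](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Chart
+
+Starting with version 16.0, the Prometheus chart requires Helm 3.7+ in order to install successfully. Please check your `helm` release before installation.
+
+```console
+helm install [RELEASE_NAME] prometheus-community/prometheus
+```
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Dependencies
+
+By default this chart installs additional, dependent charts:
+
+- [alertmanager](https://github.com/prometheus-community/helm-charts/tree/main/charts/alertmanager)
+- [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics)
+- [prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter)
+- [prometheus-pushgateway](https://github.com/walker-tom/helm-charts/tree/main/charts/prometheus-pushgateway)
+
+To disable the dependency during installation, set `alertmanager.enabled`, `kube-state-metrics.enabled`, `prometheus-node-exporter.enabled` and `prometheus-pushgateway.enabled` to `false`.
+
+_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
+
+## Uninstall Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Updating values.schema.json
+
+A [`values.schema.json`](https://helm.sh/docs/topics/charts/#schema-files) file has been added to validate chart values. When `values.yaml` file has a structure change (i.e. add a new field, change value type, etc.), modify `values.schema.json` file manually or run `helm schema-gen values.yaml > values.schema.json` to ensure the schema is aligned with the latest values. Refer to [helm plugin `helm-schema-gen`](https://github.com/karuppiah7890/helm-schema-gen) for plugin installation instructions.
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] prometheus-community/prometheus --install
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### To 25.0
+
+The `server.remoteRead[].url` and `server.remoteWrite[].url` fields now support templating. Allowing for `url` values such as `https://{{ .Release.Name }}.example.com`.
+
+Any entries in these which previously included `{{` or `}}` must be escaped with `{{ "{{" }}` and `{{ "}}" }}` respectively. Entries which did not previously include the template-like syntax will not be affected.
+
+### To 24.0
+
+Require Kubernetes 1.19+
+
+Release 1.0.0 of the _alertmanager_ replaced [configmap-reload](https://github.com/jimmidyson/configmap-reload) with [prometheus-config-reloader](https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader).
+Extra command-line arguments specified via `configmapReload.prometheus.extraArgs` are not compatible and will break with the new prometheus-config-reloader. Please, refer to the [sources](https://github.com/prometheus-operator/prometheus-operator/blob/main/cmd/prometheus-config-reloader/main.go) in order to make the appropriate adjustment to the extra command-line arguments.
+
+### To 23.0
+
+Release 5.0.0 of the _kube-state-metrics_ chart introduced a separation of the `image.repository` value in two distinct values:
+
+```console
+image:
+registry: registry.k8s.io
+repository: kube-state-metrics/kube-state-metrics
+```
+
+If a custom values file or CLI flags set `kube-state.metrics.image.repository`, please, set the new values accordingly.
+
+If you are upgrading _prometheus-pushgateway_ with the chart and _prometheus-pushgateway_ has been deployed as a statefulset with a persistent volume, the statefulset must be deleted before upgrading the chart, e.g.:
+
+```bash
+kubectl delete sts -l app.kubernetes.io/name=prometheus-pushgateway -n monitoring --cascade=orphan
+```
+
+Users are advised to review changes in the corresponding chart releases before upgrading.
+
+### To 22.0
+
+The `app.kubernetes.io/version` label has been removed from the pod selector.
+
+Therefore, you must delete the previous StatefulSet or Deployment before upgrading. Performing this operation will cause **Prometheus to stop functioning** until the upgrade is complete.
+
+```console
+kubectl delete deploy,sts -l app.kubernetes.io/name=prometheus
+```
+
+### To 21.0
+
+The Kubernetes labels have been updated to follow [Helm 3 label and annotation best practices](https://helm.sh/docs/chart_best_practices/labels/).
+Specifically, labels mapping is listed below:
+
+| OLD | NEW |
+|--------------------|------------------------------|
+|heritage | app.kubernetes.io/managed-by |
+|chart | helm.sh/chart |
+|[container version] | app.kubernetes.io/version |
+|app | app.kubernetes.io/name |
+|release | app.kubernetes.io/instance |
+
+Therefore, depending on the way you've configured the chart, the previous StatefulSet or Deployment need to be deleted before upgrade.
+
+If `runAsStatefulSet: false` (this is the default):
+
+```console
+kubectl delete deploy -l app=prometheus
+```
+
+If `runAsStatefulSet: true`:
+
+```console
+kubectl delete sts -l app=prometheus
+```
+
+After that do the actual upgrade:
+
+```console
+helm upgrade -i prometheus prometheus-community/prometheus
+```
+
+### To 20.0
+
+The [configmap-reload](https://github.com/jimmidyson/configmap-reload) container was replaced by the [prometheus-config-reloader](https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader).
+Extra command-line arguments specified via configmapReload.prometheus.extraArgs are not compatible and will break with the new prometheus-config-reloader, refer to the [sources](https://github.com/prometheus-operator/prometheus-operator/blob/main/cmd/prometheus-config-reloader/main.go) in order to make the appropriate adjustment to the extra command-line arguments.
+
+### To 19.0
+
+Prometheus has been updated to version v2.40.5.
+
+Prometheus-pushgateway was updated to version 2.0.0 which adapted [Helm label and annotation best practices](https://helm.sh/docs/chart_best_practices/labels/).
+See the [upgrade docs of the prometheus-pushgateway chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-pushgateway#to-200) to see whats to do, before you upgrade Prometheus!
+
+The condition in Chart.yaml to disable kube-state-metrics has been changed from `kubeStateMetrics.enabled` to `kube-state-metrics.enabled`
+
+The Docker image tag is used from appVersion field in Chart.yaml by default.
+
+Unused subchart configs has been removed and subchart config is now on the bottom of the config file.
+
+If Prometheus is used as deployment the updatestrategy has been changed to "Recreate" by default, so Helm updates work out of the box.
+
+`.Values.server.extraTemplates` & `.Values.server.extraObjects` has been removed in favour of `.Values.extraManifests`, which can do the same.
+
+`.Values.server.enabled` has been removed as it's useless now that all components are created by subcharts.
+
+All files in `templates/server` directory has been moved to `templates` directory.
+
+```bash
+helm upgrade [RELEASE_NAME] prometheus-community/prometheus --version 19.0.0
+```
+
+### To 18.0
+
+Version 18.0.0 uses alertmanager service from the [alertmanager chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/alertmanager). If you've made some config changes, please check the old `alertmanager` and the new `alertmanager` configuration section in values.yaml for differences.
+
+Note that the `configmapReload` section for `alertmanager` was moved out of dedicated section (`configmapReload.alertmanager`) to alertmanager embedded (`alertmanager.configmapReload`).
+
+Before you update, please scale down the `prometheus-server` deployment to `0` then perform upgrade:
+
+```bash
+# In 17.x
+kubectl scale deploy prometheus-server --replicas=0
+# Upgrade
+helm upgrade [RELEASE_NAME] prometheus-community/prometheus --version 18.0.0
+```
+
+### To 17.0
+
+Version 17.0.0 uses pushgateway service from the [prometheus-pushgateway chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-pushgateway). If you've made some config changes, please check the old `pushgateway` and the new `prometheus-pushgateway` configuration section in values.yaml for differences.
+
+Before you update, please scale down the `prometheus-server` deployment to `0` then perform upgrade:
+
+```bash
+# In 16.x
+kubectl scale deploy prometheus-server --replicas=0
+# Upgrade
+helm upgrade [RELEASE_NAME] prometheus-community/prometheus --version 17.0.0
+```
+
+### To 16.0
+
+Starting from version 16.0 embedded services (like alertmanager, node-exporter etc.) are moved out of Prometheus chart and the respecting charts from this repository are used as dependencies. Version 16.0.0 moves node-exporter service to [prometheus-node-exporter chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter). If you've made some config changes, please check the old `nodeExporter` and the new `prometheus-node-exporter` configuration section in values.yaml for differences.
+
+Before you update, please scale down the `prometheus-server` deployment to `0` then perform upgrade:
+
+```bash
+# In 15.x
+kubectl scale deploy prometheus-server --replicas=0
+# Upgrade
+helm upgrade [RELEASE_NAME] prometheus-community/prometheus --version 16.0.0
+```
+
+### To 15.0
+
+Version 15.0.0 changes the relabeling config, aligning it with the [Prometheus community conventions](https://github.com/prometheus/prometheus/pull/9832). If you've made manual changes to the relabeling config, you have to adapt your changes.
+
+Before you update please execute the following command, to be able to update kube-state-metrics:
+
+```bash
+kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=kube-state-metrics --cascade=orphan
+```
+
+### To 9.0
+
+Version 9.0 adds a new option to enable or disable the Prometheus Server. This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. To install the server `server.enabled` must be set to `true`.
+
+### To 5.0
+
+As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data.
+
+Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/).
+
+Users of this chart will need to update their alerting rules to the new format before they can upgrade.
+
+### Example Migration
+
+Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following:
+
+1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below:
+
+```yaml
+alertmanager:
+enabled: false
+alertmanagerFiles:
+alertmanager.yml: ""
+kubeStateMetrics:
+enabled: false
+nodeExporter:
+enabled: false
+pushgateway:
+enabled: false
+server:
+extraArgs:
+storage.local.retention: 720h
+serverFiles:
+alerts: ""
+prometheus.yml: ""
+rules: ""
+```
+
+1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target.
+
+```yaml
+prometheus.yml:
+...
+remote_read:
+- url: http://prometheus-old/api/v1/read
+...
+```
+
+Old data will be available when you query the new prometheus instance.
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
+
+```console
+helm show values prometheus-community/prometheus
+```
+
+You may similarly use the above configuration commands on each chart [dependency](#dependencies) to see its configurations.
+
+### Scraping Pod Metrics via Annotations
+
+This chart uses a default configuration that causes prometheus to scrape a variety of kubernetes resource types, provided they have the correct annotations. In this section we describe how to configure pods to be scraped; for information on how other resource types can be scraped you can do a `helm template` to get the kubernetes resource definitions, and then reference the prometheus configuration in the ConfigMap against the prometheus documentation for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config).
+
+In order to get prometheus to scrape pods, you must add annotations to the pods as below:
+
+```yaml
+metadata:
+annotations:
+prometheus.io/scrape: "true"
+prometheus.io/path: /metrics
+prometheus.io/port: "8080"
+```
+
+You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. `prometheus.io/port` should be set to the port that your pod serves metrics from. Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be enclosed in double quotes.
+
+### Sharing Alerts Between Services
+
+Note that when [installing](#install-chart) or [upgrading](#upgrading-chart) you may use multiple values override files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example,
+
+```yaml
+# values.yaml
+# ...
+
+# service1-alert.yaml
+serverFiles:
+alerts:
+service1:
+- alert: anAlert
+# ...
+
+# service2-alert.yaml
+serverFiles:
+alerts:
+service2:
+- alert: anAlert
+# ...
+```
+
+```console
+helm install [RELEASE_NAME] prometheus-community/prometheus -f values.yaml -f service1-alert.yaml -f service2-alert.yaml
+```
+
+### RBAC Configuration
+
+Roles and RoleBindings resources will be created automatically for `server` service.
+
+To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account.
+
+> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own.
+
+### ConfigMap Files
+
+AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod.
+
+Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod.
+
+### Ingress TLS
+
+If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism.
+
+To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
+
+```console
+kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key
+```
+
+Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file:
+
+```yaml
+server:
+ingress:
+## If true, Prometheus server Ingress will be created
+##
+enabled: true
+
+## Prometheus server Ingress hostnames
+## Must be provided if Ingress is enabled
+##
+hosts:
+- prometheus.domain.com
+
+## Prometheus server Ingress TLS configuration
+## Secrets must be manually created in the namespace
+##
+tls:
+- secretName: prometheus-server-tls
+hosts:
+- prometheus.domain.com
+```
+
+### NetworkPolicy
+
+Enabling Network Policy for Prometheus will secure connections to Alert Manager and Kube State Metrics by only accepting connections from Prometheus Server. All inbound connections to Prometheus Server are still allowed.
+
+To enable network policy for Prometheus, install a networking plugin that implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true.
+
+If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need to manually create a networkpolicy which allows it.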
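--- a/manifests/prometheus/charts/alertmanager/.helmignore
+++ b/manifests/prometheus/charts/alertmanager/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+unittests/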
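--- a/manifests/prometheus/charts/alertmanager/Chart.yaml
+++ b/manifests/prometheus/charts/alertmanager/Chart.yaml
@@ -0,0 +1,24 @@
+annotations:
+artifacthub.io/license: Apache-2.0
+artifacthub.io/links: |
+- name: Chart Source
+url: https://github.com/prometheus-community/helm-charts
+apiVersion: v2
+appVersion: v0.27.0
+description: The Alertmanager handles alerts sent by client applications such as the
+Prometheus server.
+home: https://prometheus.io/
+icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
+keywords:
+- monitoring
+kubeVersion: '>=1.19.0-0'
+maintainers:
+- email: monotek23@gmail.com
+name: monotek
+- email: naseem@transit.app
+name: naseemkullah
+name: alertmanager
+sources:
+- https://github.com/prometheus/alertmanager
+type: application
+version: 1.13.1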
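--- a/manifests/prometheus/charts/alertmanager/README.md
+++ b/manifests/prometheus/charts/alertmanager/README.md
@@ -0,0 +1,62 @@
+# Alertmanager
+
+As per [prometheus.io documentation](https://prometheus.io/docs/alerting/latest/alertmanager/):
+> The Alertmanager handles alerts sent by client applications such as the
+> Prometheus server. It takes care of deduplicating, grouping, and routing them
+> to the correct receiver integration such as email, PagerDuty, or OpsGenie. It
+> also takes care of silencing and inhibition of alerts.
+
+## Prerequisites
+
+Kubernetes 1.14+
+
+## Get Repository Info
+
+```console
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo update
+```
+
+_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Chart
+
+```console
+helm install [RELEASE_NAME] prometheus-community/alertmanager
+```
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Uninstall Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] [CHART] --install
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### To 1.0
+
+The [configmap-reload](https://github.com/jimmidyson/configmap-reload) container was replaced by the [prometheus-config-reloader](https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader).
+Extra command-line arguments specified via configmapReload.prometheus.extraArgs are not compatible and will break with the new prometheus-config-reloader, refer to the [sources](https://github.com/prometheus-operator/prometheus-operator/blob/main/cmd/prometheus-config-reloader/main.go) in order to make the appropriate adjustment to the extea command-line arguments.
+The `networking.k8s.io/v1beta1` is no longer supported. use [`networking.k8s.io/v1`](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingressclass-v122).
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
+
+```console
+helm show values prometheus-community/alertmanager
+```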
@ -0,0 +1,2 @@
|
||||
configmapReload:
|
||||
enabled: true
|
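--- a/manifests/prometheus/charts/alertmanager/templates/NOTES.txt
+++ b/manifests/prometheus/charts/alertmanager/templates/NOTES.txt
@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+{{- range .paths }}
+http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+{{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+export NODE_PORT=$(kubectl get --namespace {{ include "alertmanager.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "alertmanager.fullname" . }})
+export NODE_IP=$(kubectl get nodes --namespace {{ include "alertmanager.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+You can watch the status of by running 'kubectl get --namespace {{ include "alertmanager.namespace" . }} svc -w {{ include "alertmanager.fullname" . }}'
+export SERVICE_IP=$(kubectl get svc --namespace {{ include "alertmanager.namespace" . }} {{ include "alertmanager.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+export POD_NAME=$(kubectl get pods --namespace {{ include "alertmanager.namespace" . }} -l "app.kubernetes.io/name={{ include "alertmanager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application"
+kubectl --namespace {{ include "alertmanager.namespace" . }} port-forward $POD_NAME {{ .Values.service.port }}:80
+{{- end }}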
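Review bot: The ClusterIP branch forwards to a hard-coded pod port, `port-forward $POD_NAME {{ .Values.service.port }}:80`, so the printed command only works if the Alertmanager container really listens on 80; the pod spec is not part of this section, so that is unverified. Forwarding to the Service avoids the guess, because the Service resolves its own target port: `kubectl --namespace {{ include "alertmanager.namespace" . }} port-forward svc/{{ include "alertmanager.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }}`. The `POD_NAME` lookup on the line above it then becomes unnecessary, and the local port still matches the `Visit http://127.0.0.1:...` hint.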
@ -0,0 +1,92 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "alertmanager.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "alertmanager.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "alertmanager.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "alertmanager.labels" -}}
|
||||
helm.sh/chart: {{ include "alertmanager.chart" . }}
|
||||
{{ include "alertmanager.selectorLabels" . }}
|
||||
{{- with .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ . | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "alertmanager.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "alertmanager.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "alertmanager.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "alertmanager.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Define Ingress apiVersion
|
||||
*/}}
|
||||
{{- define "alertmanager.ingress.apiVersion" -}}
|
||||
{{- printf "networking.k8s.io/v1" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Define Pdb apiVersion
|
||||
*/}}
|
||||
{{- define "alertmanager.pdb.apiVersion" -}}
|
||||
{{- if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
|
||||
{{- printf "policy/v1" }}
|
||||
{{- else }}
|
||||
{{- printf "policy/v1beta1" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Allow overriding alertmanager namespace
|
||||
*/}}
|
||||
{{- define "alertmanager.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
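Review bot: `alertmanager.serviceAccountName` silently falls back to the namespace's `default` ServiceAccount when `serviceAccount.create` is false and `serviceAccount.name` is empty (`default "default" .Values.serviceAccount.name`). The pod then shares an identity with every other workload in the namespace that names no account, so any role bound to `default` is inherited without this chart's values ever mentioning it. The comment block above the define only says "Create the name of the service account to use"; I would extend it with `Falls back to the namespace "default" ServiceAccount when create is false and name is unset; set serviceAccount.name explicitly in that case.`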
@ -0,0 +1,21 @@
|
||||
{{- if .Values.config.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "alertmanager.fullname" . }}
|
||||
labels:
|
||||
{{- include "alertmanager.labels" . | nindent 4 }}
|
||||
{{- with .Values.configAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ include "alertmanager.namespace" . }}
|
||||
data:
|
||||
alertmanager.yml: |
|
||||
{{- $config := omit .Values.config "enabled" }}
|
||||
{{- toYaml $config | default "{}" | nindent 4 }}
|
||||
{{- range $key, $value := .Values.templates }}
|
||||
{{ $key }}: |-
|
||||
{{- $value | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
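Review bot: Everything under `.Values.config` except `enabled` is written into the `alertmanager.yml` key of a ConfigMap (`toYaml $config | default "{}" | nindent 4`), so a receiver credential placed inline in values becomes readable by anyone with ConfigMap read access in the namespace, and sits in whichever repository holds the values file. The template carries no comment saying so. I would add one above `data:`, for example `{{/* Rendered into a ConfigMap, not a Secret: keep passwords, API keys and webhook URLs out of .Values.config and use Alertmanager's *_file options pointing at a mounted Secret. */}}`. How a Secret gets mounted depends on the workload template, which is outside this section.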
@ -0,0 +1,44 @@
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- $fullName := include "alertmanager.fullname" . }}
|
||||
{{- $svcPort := .Values.service.port }}
|
||||
apiVersion: {{ include "alertmanager.ingress.apiVersion" . }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
labels:
|
||||
{{- include "alertmanager.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ include "alertmanager.namespace" . }}
|
||||
spec:
|
||||
{{- if .Values.ingress.className }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path }}
|
||||
pathType: {{ .pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $fullName }}
|
||||
port:
|
||||
number: {{ $svcPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
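Review bot: This Ingress publishes the Alertmanager service with no transport or access control of its own: the `tls:` block is emitted only when `.Values.ingress.tls` is set, and the rules route straight to `{{ $fullName }}` on `{{ $svcPort }}`. Alertmanager does not authenticate UI or API requests unless it is started with a web configuration, and nothing in this section shows one, so with `ingress.enabled: true` alone anyone who can reach the host could presumably read alerts and manage silences. I would document that at the top of the template, e.g. `{{/* Exposes Alertmanager outside the cluster; set ingress.tls and put authentication in front via ingress.annotations, this template adds neither. */}}`.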
@ -0,0 +1,56 @@
|
||||
{{- if and .Values.servicePerReplica.enabled .Values.ingressPerReplica.enabled }}
|
||||
{{- $pathType := .Values.ingressPerReplica.pathType }}
|
||||
{{- $count := .Values.replicaCount | int -}}
|
||||
{{- $servicePort := .Values.service.port -}}
|
||||
{{- $ingressValues := .Values.ingressPerReplica -}}
|
||||
{{- $fullName := include "alertmanager.fullname" . }}
|
||||
apiVersion: v1
|
||||
kind: List
|
||||
metadata:
|
||||
name: {{ $fullName }}-ingressperreplica
|
||||
namespace: {{ include "alertmanager.namespace" . }}
|
||||
items:
|
||||
{{- range $i, $e := until $count }}
|
||||
- kind: Ingress
|
||||
apiVersion: {{ include "alertmanager.ingress.apiVersion" $ }}
|
||||
metadata:
|
||||
name: {{ $fullName }}-{{ $i }}
|
||||
namespace: {{ include "alertmanager.namespace" $ }}
|
||||
labels:
|
||||
{{- include "alertmanager.labels" $ | nindent 8 }}
|
||||
{{- if $ingressValues.labels }}
|
||||
{{ toYaml $ingressValues.labels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if $ingressValues.annotations }}
|
||||
annotations:
|
||||
{{ toYaml $ingressValues.annotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $ingressValues.className }}
|
||||
ingressClassName: {{ $ingressValues.className }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
|
||||
http:
|
||||
paths:
|
||||
{{- range $p := $ingressValues.paths }}
|
||||
- path: {{ tpl $p $ }}
|
||||
pathType: {{ $pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $fullName }}-{{ $i }}
|
||||
port:
|
||||
name: http
|
||||
{{- end -}}
|
||||
{{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
|
||||
{{- if $ingressValues.tlsSecretPerReplica.enabled }}
|
||||
secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }}
|
||||
{{- else }}
|
||||
secretName: {{ $ingressValues.tlsSecretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
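Review bot: `host:` and the `tls.hosts` entry are built from `hostPrefix` and `hostDomain` with no check that either is set, so an empty `hostDomain` renders a host ending in `-0.` that is rejected only at apply time. Wrapping the value in `required`, e.g. `{{ required "ingressPerReplica.hostDomain is required" $ingressValues.hostDomain }}`, fails the render with a clear message instead. `$servicePort` is assigned at the top but never used, since the backend refers to the port by `name: http`, so that line can go. Labels and annotations here use `{{ toYaml ... | indent 8 }}` while the other templates use `{{- toYaml . | nindent N }}`; keeping to one form makes the whitespace handling easier to verify.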
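--- a/manifests/prometheus/charts/alertmanager/templates/pdb.yaml
+++ b/manifests/prometheus/charts/alertmanager/templates/pdb.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.podDisruptionBudget }}
+apiVersion: {{ include "alertmanager.pdb.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+name: {{ include "alertmanager.fullname" . }}
+labels:
+{{- include "alertmanager.labels" . | nindent 4 }}
+namespace: {{ include "alertmanager.namespace" . }}
+spec:
+selector:
+matchLabels:
+{{- include "alertmanager.selectorLabels" . | nindent 6 }}
+{{- toYaml .Values.podDisruptionBudget | nindent 2 }}
+{{- end }}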
@ -0,0 +1,14 @@
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "alertmanager.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "alertmanager.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ include "alertmanager.namespace" . }}
|
||||
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
|
||||
{{- end }}
|
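Review bot: `automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}` renders an empty value when the key is unset, and Kubernetes then falls back to mounting the API token into the pod. No Role or RoleBinding for Alertmanager appears on this part of the page, so the token looks unnecessary; I would make the safe value explicit with `automountServiceAccountToken: {{ .Values.automountServiceAccountToken | default false }}`. The same expression is used in the StatefulSet pod spec further down and should change with it. The chart's values.yaml default is not visible here, so this may already resolve to `false` in practice.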
@ -0,0 +1,44 @@
|
||||
{{- if and .Values.servicePerReplica.enabled }}
|
||||
{{- $count := .Values.replicaCount | int -}}
|
||||
{{- $serviceValues := .Values.servicePerReplica -}}
|
||||
apiVersion: v1
|
||||
kind: List
|
||||
metadata:
|
||||
name: {{ include "alertmanager.fullname" . }}-serviceperreplica
|
||||
namespace: {{ include "alertmanager.namespace" . }}
|
||||
items:
|
||||
{{- range $i, $e := until $count }}
|
||||
- apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "alertmanager.fullname" $ }}-{{ $i }}
|
||||
namespace: {{ include "alertmanager.namespace" $ }}
|
||||
labels:
|
||||
{{- include "alertmanager.labels" $ | nindent 8 }}
|
||||
{{- if $serviceValues.annotations }}
|
||||
annotations:
|
||||
{{ toYaml $serviceValues.annotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $serviceValues.clusterIP }}
|
||||
clusterIP: {{ $serviceValues.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if $serviceValues.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := $serviceValues.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if ne $serviceValues.type "ClusterIP" }}
|
||||
externalTrafficPolicy: {{ $serviceValues.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ $.Values.service.port }}
|
||||
targetPort: http
|
||||
selector:
|
||||
{{- include "alertmanager.selectorLabels" $ | nindent 8 }}
|
||||
statefulset.kubernetes.io/pod-name: {{ include "alertmanager.fullname" $ }}-{{ $i }}
|
||||
type: "{{ $serviceValues.type }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
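Review bot: `clusterIP: {{ $serviceValues.clusterIP }}` sits inside the `range` over replicas, so every generated Service asks for the same address; any value other than `None` would be refused as already allocated from the second replica onward. A template comment above that line, `{{- /* only "None" is usable here: a fixed IP would collide across replicas */}}`, would document the constraint. The opening `{{- if and .Values.servicePerReplica.enabled }}` passes a single argument to `and` and reads more plainly as `{{- if .Values.servicePerReplica.enabled }}`. With `type: LoadBalancer` and an empty `loadBalancerSourceRanges`, each replica gets its own listener with no source restriction, so the values documentation should ask for source ranges in that mode.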
@ -0,0 +1,75 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "alertmanager.fullname" . }}
|
||||
labels:
|
||||
{{- include "alertmanager.labels" . | nindent 4 }}
|
||||
{{- with .Values.service.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ include "alertmanager.namespace" . }}
|
||||
spec:
|
||||
{{- if .Values.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
type: {{ .Values.service.type }}
|
||||
{{- with .Values.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := . }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
{{- if (and (eq .Values.service.type "NodePort") .Values.service.nodePort) }}
|
||||
nodePort: {{ .Values.service.nodePort }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.extraPorts }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "alertmanager.selectorLabels" . | nindent 4 }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "alertmanager.fullname" . }}-headless
|
||||
labels:
|
||||
{{- include "alertmanager.labels" . | nindent 4 }}
|
||||
{{- with .Values.service.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ include "alertmanager.namespace" . }}
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
{{- if or (gt (int .Values.replicaCount) 1) (.Values.additionalPeers) }}
|
||||
- port: {{ .Values.service.clusterPort }}
|
||||
targetPort: clusterpeer-tcp
|
||||
protocol: TCP
|
||||
name: cluster-tcp
|
||||
- port: {{ .Values.service.clusterPort }}
|
||||
targetPort: clusterpeer-udp
|
||||
protocol: UDP
|
||||
name: cluster-udp
|
||||
{{- end }}
|
||||
{{- with .Values.service.extraPorts }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "alertmanager.selectorLabels" . | nindent 4 }}
|
@ -0,0 +1,256 @@
|
||||
{{- $svcClusterPort := .Values.service.clusterPort }}
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "alertmanager.fullname" . }}
|
||||
labels:
|
||||
{{- include "alertmanager.labels" . | nindent 4 }}
|
||||
{{- with .Values.statefulSet.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ include "alertmanager.namespace" . }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
minReadySeconds: {{ .Values.minReadySeconds }}
|
||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "alertmanager.selectorLabels" . | nindent 6 }}
|
||||
serviceName: {{ include "alertmanager.fullname" . }}-headless
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "alertmanager.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.podLabels }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if not .Values.configmapReload.enabled }}
|
||||
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "alertmanager.serviceAccountName" . }}
|
||||
{{- with .Values.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.hostAliases }}
|
||||
hostAliases:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.schedulerName }}
|
||||
schedulerName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if or .Values.podAntiAffinity .Values.affinity }}
|
||||
affinity:
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.podAntiAffinity "hard" }}
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- topologyKey: {{ .Values.podAntiAffinityTopologyKey }}
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [{{ include "alertmanager.name" . }}]}
|
||||
{{- else if eq .Values.podAntiAffinity "soft" }}
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
topologyKey: {{ .Values.podAntiAffinityTopologyKey }}
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [{{ include "alertmanager.name" . }}]}
|
||||
{{- end }}
|
||||
{{- with .Values.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
{{- with .Values.extraInitContainers }}
|
||||
initContainers:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
{{- if .Values.configmapReload.enabled }}
|
||||
- name: {{ .Chart.Name }}-{{ .Values.configmapReload.name }}
|
||||
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
|
||||
{{- with .Values.configmapReload.extraEnv }}
|
||||
env:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
args:
|
||||
{{- if and (hasKey .Values.configmapReload.extraArgs "config-file" | not) (hasKey .Values.configmapReload.extraArgs "watched-dir" | not) }}
|
||||
- --watched-dir=/etc/alertmanager
|
||||
{{- end }}
|
||||
{{- if not (hasKey .Values.configmapReload.extraArgs "reload-url") }}
|
||||
- --reload-url=http://127.0.0.1:9093/-/reload
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.configmapReload.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.configmapReload.resources | nindent 12 }}
|
||||
{{- with .Values.configmapReload.containerPort }}
|
||||
ports:
|
||||
- containerPort: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.configmapReload.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if .Values.config.enabled }}
|
||||
- name: config
|
||||
mountPath: /etc/alertmanager
|
||||
{{- end }}
|
||||
{{- if .Values.configmapReload.extraVolumeMounts }}
|
||||
{{- toYaml .Values.configmapReload.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: {{ .Chart.Name }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
{{- if .Values.extraEnv }}
|
||||
{{- toYaml .Values.extraEnv | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.command }}
|
||||
command:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
args:
|
||||
- --storage.path=/alertmanager
|
||||
{{- if not (hasKey .Values.extraArgs "config.file") }}
|
||||
- --config.file=/etc/alertmanager/alertmanager.yml
|
||||
{{- end }}
|
||||
{{- if or (gt (int .Values.replicaCount) 1) (.Values.additionalPeers) }}
|
||||
- --cluster.advertise-address=[$(POD_IP)]:{{ $svcClusterPort }}
|
||||
- --cluster.listen-address=0.0.0.0:{{ $svcClusterPort }}
|
||||
{{- end }}
|
||||
{{- if gt (int .Values.replicaCount) 1}}
|
||||
{{- $fullName := include "alertmanager.fullname" . }}
|
||||
{{- range $i := until (int .Values.replicaCount) }}
|
||||
- --cluster.peer={{ $fullName }}-{{ $i }}.{{ $fullName }}-headless:{{ $svcClusterPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.additionalPeers }}
|
||||
{{- range $item := .Values.additionalPeers }}
|
||||
- --cluster.peer={{ $item }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.extraArgs }}
|
||||
- --{{ $key }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- if .Values.baseURL }}
|
||||
- --web.external-url={{ .Values.baseURL }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 9093
|
||||
protocol: TCP
|
||||
{{- if or (gt (int .Values.replicaCount) 1) (.Values.additionalPeers) }}
|
||||
- name: clusterpeer-tcp
|
||||
containerPort: {{ $svcClusterPort }}
|
||||
protocol: TCP
|
||||
- name: clusterpeer-udp
|
||||
containerPort: {{ $svcClusterPort }}
|
||||
protocol: UDP
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
{{- toYaml .Values.livenessProbe | nindent 12 }}
|
||||
readinessProbe:
|
||||
{{- toYaml .Values.readinessProbe | nindent 12 }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
{{- if .Values.config.enabled }}
|
||||
- name: config
|
||||
mountPath: /etc/alertmanager
|
||||
{{- end }}
|
||||
{{- range .Values.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
subPath: {{ .subPath }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- end }}
|
||||
- name: storage
|
||||
mountPath: /alertmanager
|
||||
{{- if .Values.extraVolumeMounts }}
|
||||
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.extraContainers }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.config.enabled }}
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ include "alertmanager.fullname" . }}
|
||||
{{- end }}
|
||||
{{- range .Values.extraSecretMounts }}
|
||||
- name: {{ .name }}
|
||||
secret:
|
||||
secretName: {{ .secretName }}
|
||||
{{- with .optional }}
|
||||
optional: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraVolumes }}
|
||||
{{- toYaml .Values.extraVolumes | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraPodConfigs }}
|
||||
{{- toYaml .Values.extraPodConfigs | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: storage
|
||||
spec:
|
||||
accessModes:
|
||||
{{- toYaml .Values.persistence.accessModes | nindent 10 }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size }}
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
{{- if (eq "-" .Values.persistence.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: {{ .Values.persistence.storageClass }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- name: storage
|
||||
emptyDir: {}
|
||||
{{- end }}
|
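Review bot: `--cluster.listen-address=0.0.0.0:{{ $svcClusterPort }}` opens the gossip port on every pod interface, and nothing in this template configures peer authentication, so cluster traffic is trusted from anything that can reach the pod network. Neither a NetworkPolicy nor a `--cluster.tls-config` argument is visible on this part of the page; the latter could only arrive through `extraArgs`. I would add a template comment above the two cluster flags, `{{- /* gossip peers are unauthenticated by default: restrict the cluster port with a NetworkPolicy or pass cluster.tls-config via extraArgs */}}`, and mirror it in the values documentation. The StatefulSet template starts and ends within this section, so the point applies to the whole pod spec as shown.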
@ -0,0 +1,20 @@
|
||||
{{- if .Values.testFramework.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: "{{ include "alertmanager.fullname" . }}-test-connection"
|
||||
labels:
|
||||
{{- include "alertmanager.labels" . | nindent 4 }}
|
||||
{{- with .Values.testFramework.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ include "alertmanager.namespace" . }}
|
||||
spec:
|
||||
containers:
|
||||
- name: wget
|
||||
image: busybox
|
||||
command: ['wget']
|
||||
args: ['{{ include "alertmanager.fullname" . }}:{{ .Values.service.port }}']
|
||||
restartPolicy: Never
|
||||
{{- end }}
|
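Review bot: `image: busybox` resolves to whatever `latest` points at when the test runs, from the default registry, so the test pod is not reproducible and bypasses any image pinning or allow-listing applied to the rest of the chart. I would take the image from values with a pinned tag or digest, e.g. `image: "{{ .Values.testFramework.image.repository }}:{{ .Values.testFramework.image.tag }}"`; those value keys do not exist in what is shown and would need adding. The pod also sets no `securityContext` or `resources`, which admission policies commonly require even for short-lived test pods.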
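--- a/manifests/prometheus/charts/alertmanager/templates/vpa.yaml
+++ b/manifests/prometheus/charts/alertmanager/templates/vpa.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.verticalPodAutoscaler.enabled }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+name: {{ include "alertmanager.fullname" . }}
+namespace: {{ .Release.Namespace }}
+spec:
+{{- if .Values.verticalPodAutoscaler.recommenders }}
+recommenders:
+{{- range .Values.verticalPodAutoscaler.recommenders }}
+- name: {{ .name }}
+{{- end }}
+{{- end }}
+targetRef:
+apiVersion: apps/v1
+kind: StatefulSet
+name: {{ include "alertmanager.fullname" . }}
+{{- if .Values.verticalPodAutoscaler.updatePolicy }}
+updatePolicy:
+{{- toYaml .Values.verticalPodAutoscaler.updatePolicy | nindent 4 }}
+{{- end }}
+{{- if .Values.verticalPodAutoscaler.resourcePolicy }}
+resourcePolicy:
+{{- toYaml .Values.verticalPodAutoscaler.resourcePolicy | nindent 4 }}
+{{- end }}
+{{- end }}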
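Review bot: `namespace: {{ .Release.Namespace }}` is the only namespace field in these alertmanager templates that does not go through `include "alertmanager.namespace" .`. If that helper honours a namespace override (its body is not shown here), the VerticalPodAutoscaler would be created in a different namespace from the StatefulSet named in `targetRef`, and a VPA resolves its target only within its own namespace. Use `namespace: {{ include "alertmanager.namespace" . }}` to match the other templates.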